USU Governance, Risk & Compliance Manager (GRCM)

USU Logo

Overview

With the USU Governance, Risk & Compliance Manager (GRCM) processes and services can be evaluated in terms of risk, compliance (“adherence to rules”) and governance (“control”). For all three assessment dimensions (governance, risk & compliance), it is possible to work with a standardized process model.

Governance functions

Respond directly to business risks - even in processes: With the USU Governance, Risk & Compliance Manager (GRCM), you enable your IT to report faults, create changes or analyze risks for business processes as well.BPM processes are integrated into the service hierarchy for this purpose.

New function for audit planning: Get started with transparent audit planning. The new “GRCM audit” ticket type allows you to display and manage the entire hierarchy of an internal audit.

Compliance functions

Business Impact Analysis: What impact does an outage have on a service? What downtime would be critical? With the Business Impact Analysis, you can enrich your services with default information and then check these specifications against the recovery properties.

Import of the latest CERT messages: Integrate reports from digital vulnerability sources fully automatically using a GRCM process. The reports can then be linked directly to a business service as service documentation.

Compliance and continuity: Create a dual service structure for the failure situation, which you can evaluate and visualize together with the main structure. You can not only create this alternative service structure, but also check it for achievable recovery parameters (e.g. recovery time). In this way, you ensure that this service structure also corresponds to the default parameters of the Business Impact Analysis (BIA).

Benefits

360 Monitoring
Transparent audit planning
Business impact analyses
monitor-monitoring
Automatic import of vulnerability reports using an automatic GRCM process
Simple calculation and checking of the achievable compliance values from the service hierarchy (e.g. recovery time) and comparison with the specifications