Defining and controlling objectives with KPIs and transparency
Top management buy-in is important for your management system. Under-Controls allows you to define objectives, bind them to key performance indicators (KPIs), and view everything in a dashboard. This way organizations can effectively track and follow their objectives to measure, visualize and reach compliance within the management system. Through this feature, you can set and control the desired objectives for your organization's GRC process.
Plan and track measures, perform risk assessment and audits
Organizations can track measures and create an individual to-do list for each user, which includes notifications and scheduled tasks. With the Under-Controls management system, organizations can also manage incidents and awareness trainings, create risks and corresponding mitigations for risks derived from the risk management process, visualize risk in a risk matrix, and create and maintain an asset inventory. You are also able to track audits and maturity and document management reviews.
Setting up your System of Controls, defining your GRC framework
For all management systems, a customized control framework (CCF) helps to stay compliant with standards like SOC, ISO, PCI DSS, Data Protection and more. The Under-Controls management system allows the definition of a flexible control catalog, which is then mapped to existing control standards. Through filter options, it is easy to create a statement of applicability and other reports necessary for communication. The Under-Controls management system is configured to start with standards for ISO 9001, ISO 14001, ISO 50001, ISO 27001, TISAX, SOC2, PCI-DSS, and BSI IT-Grundschutz. This allows you to set up your GRC framework with adequate controls based on the selected standards.
Managing requirements and evidence for Audits for Management Systems such as ISO, SOC 2, Data Protection and more
For most management systems, it is necessary to prove compliance through auditing. Auditors need to collect evidence regularly. With the Under-Controls management system you can collect evidence (e.g. files, screenshots, etc.) and map it to existing requirements to be well prepared for audits. You can plan and track audit results from internal or external audits over time and document non-conformities.
Track regulatory, contractual and legal requirements
An up-to-date compliance register is necessary to identify all requirements within management systems. With the Under-Controls management system it becomes easy to track requirements coming from laws and regulations as well as contracts. With Under-Controls, you can connect these with existing controls and measures. Tracking all the compliance requirements will be beneficial for audits as well as for improving the maturity of your processes.
Tracking suppliers with the Supplier Management Process
It is vital to prove that vendors/suppliers are compliant with quality requirements, requirements in the context of data protection, and service levels required by information security standards. With the Under-Controls management system, suppliers can be audited by defining questionnaires, sending them, and getting a response directly in the GRC tool. Supplier auditing becomes an easy task and will help organizations to secure the supply chain.