PASS GRC - Governance, Risk and Compliance Software
PASS GRC Suite
Fully integrated GRC software for IT governance, IT risk management and IT compliance
PASS GRC supports processes of IT governance, especially risk management, audits and KPI-based controlling.
The modern, user-configurable application environment includes notification and reminder management and ensures audit compliance. This results in an improvement for companies in terms of quality and productivity of collaboration, especially in risk management and internal and external audits.
The Governance Model of an IT Organization
Based on laws, standards and its own strategy, the IT organization of an enterprise has to define objectives and establish and implement necessary activities or measures (controls) as well as directives/guidelines. Risks associated with inadequate achievement of objectives must be regularly monitored and addressed (risk management). The adherence to the controls must always be checked within the scope of internal or external audits (compliance). Management requires KPIs (key performance indicators) for the timely monitoring of compliance with target values (controlling).
Flexible control preferences/system settings
Control requirements can be flexibly defined and adapted to, e.g. legal/regulatory requirements, management system standards. The use of existing rules and regulations enables rapid system availability.
Central management of documents
Guidelines, respectively directives are available at a central location through the GRC tool. This ensures that all responsible persons are automatically reminded of necessary reviews and approvals.
Interactions and transparency in audits
Auditors can interact with asset owners in the risk module. The configurable workflow facilitates collaboration between auditors. The auditor has access to all results and findings of completed audits.
Configurable risk management process
All parameters of the risk management process can be defined according to the specific requirements of the company. Those involved in the process are automatically reminded of pending or overdue activities.
Unchangeable snapshots are saved after data changes. These can be compared with each other, so that the change and the user who made it, along with the date and time of the revision, can be identified.
Automated KPI-based controlling
With the help of configurable adapters, KPIs can be updated periodically by accessing external systems, e.g. ticketing systems. A central dashboard shows the status of all KPIs and enables detailed views.
PASS GRC offers the user a uniform interface and user guidance across all modules, which can be customized. For example, users can save their own column settings and filters for each mask and call them up again at any time.
Notification and reminder management
Immediately after logging on, each user is shown in his or her personal dashboard which processing steps are pending or overdue due to his or her assignment.
Status values can be defined independently for all modules. It can be defined which status values are relevant for the notification and reminder management.
The configurable roles/rights system allows a fine-grained definition of function-related rights for internal and external users. The visibility of risks, checks and measures can be reliably restricted by assigning freely definable scopes for each user.
Flexible adaptation to company-specific requirements
To customize the risk module, numerous options, intervals, lead times for displaying due processing steps in the dashboard, etc. can be customized to meet the specific needs of the company.
An optionally integrated report generator enables the creation of standard reports and their provision for retrieval by defined user groups.
For users and the technical side
- Customizable, user-friendly interfaces with contemporary UX design.
- Configurable notification and reminder management.
For IT or divisional managers
- Interactions and transparency between the modules, such as auditor insight into risk assessments and triggering a reassessment of risks.
For decision makers and management
- Conformity of the own GRC processes to the defined goals.
- Possibility to anticipate threats to the achievement of objectives.
With our services we offer implementation support to the necessary extent. This includes for example
- the analysis of your processes and requirements,
- the setup and configuration based on existing frameworks or the transfer of existing data,
- the integration into your system landscape,
- the creation of adaptors and
- the training of your users.
Our experts will be happy to advise you on setting up or integrating existing management or control systems and will also support you in working with external auditors.
Within the scope of maintenance, we provide you with necessary updates, for example in case of changes in relevant laws or standards.
|Operation on premise||Software as a Service (SaaS)/rental model|
|What types of licenses are available?||Company license, group license||Product license including hosting of the GRC software in the German PASS data center network|
|Is maintenance required?||Yes||Yes|
|What are the maintenance costs?||At least 18% of the license price, 33% if applicable||Costs are included in the service flat rate|
|Does the commissioning take place through an installation?||Yes||Yes|
|What are the advantages of this usage model?||Deep integration into business processes and systems. Customizing is possible||Unified service package from one source and hosting in Germany|