PASS GRC - Governance, Risk and Compliance Software

Modular, integrated GRC software to support IT governance


Fully integrated GRC software for IT governance, IT risk management and IT compliance

PASS GRC supports processes of IT governance, especially risk management, audits and KPI-based controlling.
The modern, user-configurable application environment includes notification and reminder management and ensures audit compliance. This results in an improvement for companies in terms of quality and productivity of collaboration, especially in risk management and internal and external audits.

The Governance Model of an IT Organization

Based on laws, standards and its own strategy, the IT organization of an enterprise has to define objectives and establish and implement necessary activities or measures (controls) as well as directives/guidelines. Risks associated with inadequate achievement of objectives must be regularly monitored and addressed (risk management). The adherence to the controls must always be checked within the scope of internal or external audits (compliance). Management requires KPIs (key performance indicators) for the timely monitoring of compliance with target values (controlling).

Legal basis

Support of legal requirements, e.g. EU GDPR, sector-specific supervisory regulations such as BAIT/VAIT and management system standards such as ISO/IEC 27001.

PASS GRC Highlights

Flexible control preferences/system settings

Flexible control preferences/system settings

Control requirements can be flexibly defined and adapted to, e.g. legal/regulatory requirements, management system standards. The use of existing rules and regulations enables rapid system availability.

Central management of documents

Central management of documents

Guidelines, respectively directives are available at a central location through the GRC tool. This ensures that all responsible persons are automatically reminded of necessary reviews and approvals.

Interactions and transparency in audits

Interactions and transparency in audits

Auditors can interact with asset owners in the risk module. The configurable workflow facilitates collaboration between auditors. The auditor has access to all results and findings of completed audits.

Configurable risk management process

Configurable risk management process

All parameters of the risk management process can be defined according to the specific requirements of the company. Those involved in the process are automatically reminded of pending or overdue activities.

Audit-proof archiving

Audit-proof archiving

Unchangeable snapshots are saved after data changes. These can be compared with each other, so that the change and the user who made it, along with the date and time of the revision, can be identified.

Automated KPI-based controlling

Automated KPI-based controlling

With the help of configurable adapters, KPIs can be updated periodically by accessing external systems, e.g. ticketing systems. A central dashboard shows the status of all KPIs and enables detailed views.

Functions of the GRC Tool

  • User-centered interface
    PASS GRC offers the user a uniform interface and user guidance across all modules, which can be customized. For example, users can save their own column settings and filters for each mask and call them up again at any time.

  • Notification and reminder management
    Immediately after logging on, each user is shown in his or her personal dashboard which processing steps are pending or overdue due to his or her assignment.

  • Workflow
    Status values can be defined independently for all modules. It can be defined which status values are relevant for the notification and reminder management.

  • Authorization system
    The configurable roles/rights system allows a fine-grained definition of function-related rights for internal and external users. The visibility of risks, checks and measures can be reliably restricted by assigning freely definable scopes for each user.

  • Flexible adaptation to company-specific requirements
    To customize the risk module, numerous options, intervals, lead times for displaying due processing steps in the dashboard, etc. can be customized to meet the specific needs of the company.

  • Report Generator
    An optionally integrated report generator enables the creation of standard reports and their provision for retrieval by defined user groups.

Screenshots from the PASS GRC Suite


For users and the technical side

For users and the technical side

  • Customizable, user-friendly interfaces with contemporary UX design.
  • Configurable notification and reminder management.
For IT or divisional managers

For IT or divisional managers

  • Interactions and transparency between the modules, such as auditor insight into risk assessments and triggering a reassessment of risks.
For decision makers and management

For decision makers and management

  • Conformity of the own GRC processes to the defined goals.
  • Possibility to anticipate threats to the achievement of objectives.

PASS Services

Our services

With our services we offer implementation support to the necessary extent. This includes for example

  • the analysis of your processes and requirements,
  • the setup and configuration based on existing frameworks or the transfer of existing data,
  • the integration into your system landscape,
  • the creation of adaptors and
  • the training of your users.

Our experts will be happy to advise you on setting up or integrating existing management or control systems and will also support you in working with external auditors.

Within the scope of maintenance, we provide you with necessary updates, for example in case of changes in relevant laws or standards.

Frequently asked questions from our customers


Usage models of the GRC Software

Claus Stielenbach

PASS Consulting Group

+49 60 21 . 38 81 75 75