Governance, Risk, and Compliance (GRC) helps transform inefficient processes across your extended enterprise into an integrated risk program. Through continuous monitoring and automation Platform delivers a real-time view of compliance and risk, improves decision making, and increases performance across your organization and with vendors. Only Platform can connect the business, security, and IT with an integrated risk framework that transforms manual, siloed, and inefficient processes into a unified program built on a single platform.
Risk Profiles and Issues Management form the base of the GRC suite and are available to all four GRC applications. These components enable profiling, continuous monitoring, and issue management, thus making GRC more user friendly. Risk Profiles integrate directly with the CMDB to identify and assess risk services, business processes, departments, and vendors. Issues Management enables Compliance and Risk Managers to create and manage tasks for Policy and Risk exceptions as well as for the timely remediation or acceptance of control non-compliance and risk exposure.
GRC applications include:
Policy and Compliance Management
Compliance Management enables the customer to operationalize compliance controls and demonstrate compliance at the micro- and macro- organizational levels, and to automate and manage the compliance policy lifecycle. This application allows customers to consistently identify, assess, and monitor control activities, enable continuous monitoring of compliance and risk posture, and design and implement business and IT processes that support compliance and security controls.
Risk Management
The Risk Management application focuses on the identification, assessment, response, and continuous monitoring of risk that may adversely impact the business. Key capabilities allow organizations to establish a scoring criteria and methodology so that risk scores are consistent, normalized and easy to understand; define a library of risks and integrate with CMDB data to identify at-risk business services and IT infrastructure; and use qualitative and quantitative metrics to define risk appetite and report risk exposure in real time.
Audit Management
Audit Management is designed to automate and orchestrate the work streams of internal audit teams and provide a single system of record for all documents and communications. Audit Management delivers capabilities to plan, scope, and manage audit engagements, and includes four out-of-box audit tasks: control test, interview, walkthrough, and activity. Users can quickly generate, test, and review controls scoped into an engagement and review a Control Test to help ensure accuracy and integrity of the work.
Privacy Management
Privacy Management provides an integrated, proactive, and automated way to manage privacy risk and sustain compliance. It can help you:
Stay on top of privacy risks and evolving regulations with continuous monitoring at scale
Support privacy by design in daily workflows through unified and scalable enterprise-wide data privacy governance, on a single platform
Use Case Accelerators
Accelerators allow users to configure pre-defined features such as policies, control objectives, scopes, indicators, risks, dashboards and reports. These are available on the Store.
Advanced Risk Management
This application provides capabilities to manage, mitigate, and report on operational risk. Advanced Risk Management provides a centralized process for risk managers to assess, roll-up, and report on risks at various levels of their organization and receive and process risk events that may impact an organization’s risk posture.
Regulatory Change Management
The Regulatory Change Management solution enables you to proactively manage regulatory changes to keep up with today’s ever-changing regulatory environment, with its constantly expanding obligations. Integrated with Platform’s Risk and Compliance applications, it can help map the external regulations to your internal controls and processes. Initially we integrate out-of-the-box with Thomson Reuters Regulatory Intelligence feeds for the most currently list of regulatory events that you can assess to determine the impact to the business. Finally, the Regulatory Change Dashboard provides visibility into an organization’s regulatory landscape including events, tasks, and due dates. The result is a seamless end-to-end regulatory change management program.
Continuous Authorization and Monitoring
The Continuous Authorization and Monitoring solution helps you bring systems online more quickly by streamlining the NIST Risk Management Framework (RMF) process lifecycle. Organisations can define an authorization boundary with real-time infrastructure data while automatically assigning baseline controls. Organisations can also get approval to operate and perform ongoing authorization via continuous monitoring.
Advanced Audit Management
The Advanced Audit Management solution provides automates the complete audit lifecycle, including risk-based scoping using auditable units, resource and cost planning, milestone tracking, observation creation, identification of reportable issues, and a detailed evidence collection workflow.
Vendor Risk Management
Platform Vendor Risk Management transforms the way Organisations manages vendor risk through vital reporting of vendor risk and issues, a consistent assessment and remediation process, and automated assessment procedures. It provides a means to facilitate stakeholder interactions, drive transparency and accountability, and effectively monitor vendor-related risks. By aligning vendor risk management with overall enterprise risk management priorities, you can create an essential integrated view of risk and a stronger extended enterprise risk posture.
Operational Resilience Management
Operational Resilience Management continuously collects risk, compliance, and issue status using indicators embedded within control systems so Organisations can oversee, optimize, and report on operational performance as situations change. Planning tools include impact tolerance setting and scenario analysis to help you stress test and improve your resilience. The product is most effective when combined with Platform Business Continuity Management and Vendor Risk Management so you can access plan and supplier status. Other out-of-the-box integrations help you gain insights from HR Service Delivery (including Emergency Response and Safe Workplace Apps), Security Operations, ITSM, CMDB, and ITBM products. Our unified architecture and single data model help you develop a comprehensive resilience management program.
Business Continuity Management
Platform Business Continuity Management (BCM) harmonizes the business continuity and disaster recovery process through real-time integration with the Configuration Management Database (CMDB). With data available for use in business continuity/disaster recovery (BCDR) plans, Organisations can update plans in real-time as day-to-day ITSM and ITOM operations take place, allowing users to operationalize BC and DR. Organisations can protect its enterprise’s workflows by bridging the gap between business resiliency and IT disaster recovery with Platform BCM.
Performance Analytics
The Performance Analytics application gives you the power to be effective in 5 different ways:
Anticipate trends – Monitor current and prior performance to identify areas of improvement and service bottlenecks before they happen.
Prioritize resources – Bring clarity to what matters and quickly redirect service coverage to where it’s needed most.
Maximize automation and self-service – Easily pinpoint areas where automation and Self-Service can increase efficiency, reduce costs and deliver great experiences.
Guide Continual Service Improvement – Advocate for progress and take action on KPIs using Analytics Hub, time charts, forecasts, breakdown, and dashboards.
Act with Confidence – Drive the business forward and accelerate results by aligning service and operations with company strategy
Predictive Intelligence
Predictive Intelligence automatically categorizes and routes issues to the right resolution team, while empowering technicians with AI-assisted answers for faster resolutions. Predictive Intelligence applies machine learning to historical request patterns, allowing it to become increasingly accurate in its predictive recommendations.
Virtual Agent
Virtual Agent provides instant resolution to repetitive tasks and requests via Virtual Agent—an automated, conversational chatbot that understands natural human language. Virtual Agent provides customers and employees with 24/7 self-service, freeing IT staff to work on more meaningful tasks and allowing for greater scalability and smarter resource spend.
