The GRC Toolbox Pro is an integrated and centralized software solution that optimally supports the step-by-
Digital Management of Governance, Risk, Compliance, ICS and Security
www.swissgrc.com
Solutions and Use Cases
Holistic solution base for organisation wide GRC
CMS
Data Security
Directives
Integral Safety
Work Safety
ISMS
ICS
Audit
ERM
ORM
IT-RM
BCM
Policy Management
Compliance
GRC Security
Governance
Risk Management
Contract Management
Physical Security
The GRC Toolbox with many features makes your work considerably easier
Extendable at any time, integrally applicable and individually expandable!
Predefined and customizable workflows
Predefined and customizable reports
Comprehensive automation and monitoring capabilities (notifications, tasks, reminders, escalations)
Comprehensive Role, User and Permission Management
Seamless integration with Active Directory, MS Exchange, MS Office
Full-text search of all contents
Customizable and meaningful dashboards
Collaboration features
Notification functions (Email, SMS)
Task Management
Complete document management (DMS) with electronic archiving, etc. for the management of specifications, proofs, processes and other documents
Internal Control System, ICS Software - digital and automated
The GRC TOOLBOX PRO provides you with valuable support in evaluating the extent of the coverage of your Internal Control Systems and their effectiveness.
Suitable documentation for your Internal Control Systems (ICS)
File storage for your ICS-relevant documentation (directives, processes, verifications, etc.)
Definition of your control environment (organisational structure, processes, tasks, responsibilities, etc.)
Integration of the ICS-relevant corporate processes
Evaluation of ICS-relevant risks
Definition of the control mechanisms including automatic task assignment (task, email)
Completion and confirmation of the controls by the responsible party
Addition of verifications and documentation for non-compliance
Reminder and escalation mechanisms
Clear and transparent ICS results and reporting
Management of your ICS thanks to the integrated ICS Dashboard
Zugerberg Finanz AG
« The GRC Toolbox developed by Swiss GRC enables Zugerberg Finanz to operate its internal control systems simply, quickly and transparently. The automated actions simplify the oversight and management of the controls we’ve implemented and inform us immediately of any risks, controls and the resulting changes. As well, Swiss GRC’s specialists are highly competent
daily business with best practices, customised solutions and expert knowledge. »
ICS 2.0
Risk Management Software – Everything you need
Risk Management Software – Risk management is an important component of corporate management.
GRC Toolbox Pro supports you in each aspect of risk management. Whether it’s enterprise risk management (ERM), operational risk management (ORM) or IT risk management (ITRM), the GRC Toolbox Pro enables you to manage all categories of risk simply and effectively.
Identification of risks, description of the type, the causes and the effects
Analysis of the identified risks based upon their likelihood and possible effects
Risk assessment according to previously defined risk acceptance criteria
Risk management and response through intervention
Integration with Internal Control Systems (ICS)
Risk categorisation and aggregation (incl. multi-client capability)
Risk monitoring thanks to reminder notices and workflows
Pre-defined risk reports and the option of customising your own reports (Report Designer)
Risk Management Dashboard for intuitive visualisation of your data
« Thanks to the Swiss GRC solution, known in-house as Tool-RM, we can centrally manage the areas of Risk Management, IT
»
Risk Management
Information Security / ISMS Software
Systematically Manage and Improve Information Security
The GRC Toolbox Pro provides you with the support you need in developing and operating an information security management system (ISMS) according to ISO/IEC 27001 norms. The GRC Toolbox Pro is the perfect
27001 and other norms are fully supported by the GRC Toolbox Pro’s feature set.
Manage documents relevant to information security (regulatory requirements, verifications)
Optimise information security risks, for example based on ISO 27001 or ISO 27005
Capture and track your information security measures and procedures
Create and classify your Asset Inventory incl. inheritance of security permissions
Security Incident Management
Exception Management
Create your Statement of Applicability (SoA)
Run Gap analyses and audits based on ISO 27001 and ISO 27002
Evaluate your information security compliance
Visualise your information security with reports and the dashboard
Compliance Software – Quickly implement legal and regulatory requirements. Effectively manage and monitor them too.
Compliance Software – your organisation is impacted by a large number of internal and external guidelines
effective Compliance Management (System) according to best practices (ISO 19600).
Identify and adhere to legal and compliance requirements
Analysis of compliance risks
Define and monitor control measures
Manage relevant norms and regulations such as codes of conduct, process descriptions and instruction guidelines
Monitor the adherence to compliance requirements with assessments and internal audits
Manage compliance breaches and strive for continuous improvement
Monitor compliance measures
Reminder and escalation notices
Record all compliance management procedures
Simple compliance reports and the option of customising your own reports (Report Designer)
Compliance Dashboard for the intuitive visualisation of your compliance activities and results
In addition: contract management and directives management with audit-compliant archiving functions
Data Protection Software
The GRC Toolbox Pro provides you with the support you need in developing and operating a data security
data security are fully supported by the GRC Toolbox Pro’s feature set.
Management of documents relevant to data protection and security
Centralised oversight of data security requirements
Optimisation of data security risks
Tracking of data protection measures
Creation and classification of your Asset Inventory incl. inheritance of security permissions
Security Incident Management
Creation of your Statement of Applicability (SoA)
Running gap analyses based on DPCO, for example
Evaluation of your data security compliance
Visualisation of your data protection with reports and the dashboard
Contract management
Contracts are critical to organisations. Thanks to the GRC Toolbox Pro, you can store and manage your contracts across their lifecycle in a controlled and organised manner. The contracts, their details and any attachments can be centrally and transparently managed.
Central repository for your contracts, including a clear overview
Recording of key contract data (parties, notice periods, amounts payable)
Full search, filter and grouping options
Automatic monitoring of deadlines and notice periods
Contract resubmission options
Reminder and escalation procedures
Multi-step revision and approval workflows
Audit-compliant electronic archiving
Comprehensive role-based access controls
Reports and Dashboard provide clear overviews
Manage and Circulate your Directives Safely and Transparently
An organisation’s directives management system must regulate and incorporate all internal instructions and document all processes. That’s precisely how the GRC TOOLBOX PRO supports you through the lifecycle of a
Create, edit and manage directives centrally and transparently
Review, approve and publish directives (directives workflow)
Store metadata and use it to filter, sort, group or search documents (including full text searches), among others
File standardised document templates (template management)
Edit directives client-side in Microsoft Word or online using Microsoft Web Apps
Seamless integration with Microsoft Office products means you can easily use interactive features such as Outlook calendar syncing, Excel exports, document sharing, etc.
Internal Audit Management and Follow-up
resulting risks and measures (Follow-up).
Central documentation of internal and external audits (year plan)
Specification of the affected organizational units, processes and risks
Distribution of audit assignments and audit documents to the persons involved
Description and evaluation of the findings
Recording and assigning measures to fix the findings
Automatic distribution and monitoring of revision tendencies, measures
Standardized reporting on the audits, findings and measures
Clear evaluations with reports and dashboard
Our customers
Many companies already rely on the GRC solution and the know-how of Swiss GRC AG.
Chairman of the Board
Software Engineer
Member of the Board of Directors
Software Engineer
Chief Executive
Senior Consultant
Head of Sales & BD
Administration
Senior Consultant, Solution Engineer
Finance & Accounting
Choose the GRC Toolbox Pro! Contact us for a non-committal first meeting, for a live demonstration
More than 30 years of experience and expertise in consulting
Swiss GRC is your specialist and expert on best practices in the digitisation of management and control systems, especially with regards to governance, risk management and compliance (GRC).
SWISS GRC DAY
Once a year, governance, risk management and compliance (GRC), related challenges, trends, as well as solutions and tools are the focus of an afternoon industry event. Experts share their knowledge with you, reveal tips, draw attention to developments and present solutions for current problem areas.
Visit our website at www.swissgrcday.ch for all information about the next Swiss GRC Day.