Post on 30-May-2020


Governance, Risk and Compliance Software made simple

THE LINKGRC PLATFORM

CHALLENGE

Many companies and organizations use spreadsheets and documents manually to handle deadlines, version control, audit trails and change management in relation to various value-adding processes. This can be very time consuming with considerable scope for error. Important deadlines may be overlooked and major decisions can be taken using incorrect versions of information. In addition, there are greater demands from external and internal supervisory bodies in relation to documentation and controls of in-house developed tools that support essential business processes.

SOLUTION

The LinkGRC Platform and associated modules provide proven and well-structured governance processes for automated monitoring of deadlines, management of versions and audit trails. The LinkGRC Relationship Builder™ can ensure the structuring of relationships between elements of the various solution modules in a parent / child hierarchy. Standard interfaces allow information between the platform and other systems to be exchanged and easily exported in MS Office® formats.

MAIN FEATURES

• Automated monitoring of selected information and activities
• Information hierarchies (parent / child relationships between elements)
• Automated processes - “Workflows” and associated templates such as e-mails
• Versions and audit trails
• Basic reporting for export via templates or for additional external enhanced reporting
• Role-specific and user-friendly overviews – “Dashboards”
• User-friendly role and user management and general configuration of the system
• Setup of notifications covering all modules
• Access and user management

REQUIREMENTS

The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

GOVERNANCE, RISK & COMPLIANCE

SOFTWARE MADE SIMPLE

RISK MANAGEMENT

CHALLENGE

Companies and organizations use many resources to maintain risks and risk reporting in MS Office® tools. This presents challenges such as:

• Problematic version control - who has the latest version? Where is it? What changes have been made?
• Unclear approval practice - who has approved? Where is the approval documented?
• Uncertain consistency - there is no guaranteed consistency and quality of the data between collection and further reporting

The process often takes months between collecting, analyzing and finally reporting the risk information to management and the Board. It is also highly probable that data has changed during the process, which obviously weakens the value of the reporting.

SOLUTION

You can support the relevant processes with a centralized system based on good practice. This makes it possible to minimize manual routines by automating the majority of the information collection. Those responsible will also be able to automate the risk review so that it supports the company’s risk management policy. It also ensures that versions and amendments are documented appropriately.

MAIN FEATURES

• Easy to create and work with risk data
• Categorization in relation to external reporting
• Support for gross and net values
• Easily accessible and standardized reporting
• Effective summaries or “dashboards” with customer-specific “KPIs”
• Flexibility in relation to company size, risk management culture and maturity
• Supported by the LinkGRC Solution Platform: Quality assurance of data, organization management, user management, automated reminders, relating to data in other modules, and documentation (see separate product sheet for more information)

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

EASY TO CREATE AND WORK WITH RISK DATA

The systematic risk process minimizes the time between collection and reporting, which in itself reduces the risk of errors. The LinkGRC Risk Management Module may typically be implemented within 3-4 weeks.

CONTROL MANAGEMENT

CHALLENGE

Companies and organizations use many resources on developing and maintaining internal controls. Documentation on controls is often stored in spreadsheets which are also used to prove that a control is performed and to report on the design, efficiency and frequency of the control. This creates challenges:

• Questionable version control – who has the latest version? What changes have been made? By whom?
• Unclear approval practice – who has approved? Where is the approval documented?
• Unclear control status – who carried out the control? Where is the evidence stored? What is the latest status?

SOLUTION

You can establish the relevant processes in a centralized system based on good practice. This saves the employees involved manual routines by automating most of the control treatment. Controls are performed based on predefined and approved frequencies, and the system ensures version control, approvals, documentation of changes – all in one place. The systematic control process minimizes the time from collection to reporting. This means fewer opportunities for errors and more efficient and secure reporting.

MAIN FEATURES

• Ensures quality of control data
• Categorization in relation to internal and external reporting
• Monitoring of control effectiveness and design compared with the risks. Ensuring a proper control environment
• Simple overviews with the possibility of analyses in relation to company structure, departments, ownership, responsibility, type, frequency, etc.
• Standardized reporting with the option to personalize
• Easy integration of information to other LinkGRC modules such as risks, incidents, policies and procedures.

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

CONNECT CONTROL COMPLY

For each control you can associate a time estimate of how long it takes to perform the control (small, medium or large, corresponding to, say, 1-2 hours, 2-4 hours and 4-6 hours). This can be agreed with the client, and at the same time you gain an overview of the total time spent on controls. The overview can be used for budgeting, process optimization and business development.

The LinkGRC Control Management Module may typically be implemented within 3-4 weeks.

INCIDENT MANAGEMENT

CHALLENGE

Companies and organizations lack an overview of incidents such as errors, loss or “close-by”. This applies even if the incidents are associated with the company’s main business processes. The absence of a coordinated and structured incident registration process results in an inability to detect any weaknesses or outright errors. Consequently, you also lose the ability to continuously remove and minimize weaknesses in the processes involved. This creates challenges such as:

• Fluctuating quality of data on reported incidents
• Absence of classification of incidents by common standards and inadequate approvals from diffuse sources
• Lack of oversight of activities carried out to reduce the extent of any damage, including suggestions for changes to prevent the error recurring
• Lack of knowledge about the risks related to the incident
• Many manual resources involved in creating uniform reporting of incidents related to processes and risk areas
• Missed opportunities for process optimization, because events are not systematically linked to processes and not related to controls, risks, etc.

SOLUTION

You can register the relevant incidents in a centralized system. This also ensures well-defined limits to the volumes and characteristics of incidents - all based on good practice across the entire company. The system automatically validates the information entered based on pre-defined limits, ensuring that versions, approvals and documentation of changes are all in one place.

MAIN FEATURES

• Ensuring quality and consistency of incident registration.
• Categorization in relation to internal and external reporting and risk
• Management of processing steps to stop the incident and to minimize the risk of it recurring
• Simple overviews with possibilities for further analyses in relation to company structure, departments, incident ownership, type, volumes, etc.
• Standardized reporting with the option to personalize
• Easy integration of information to other LinkGRC modules such as risks, controls, policies and procedures

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

MODULE OVERVIEW: Registration, Categorization, Management

Systematic incident registration provides a better real-time overview and simultaneously links incidents to processes and risks. The system will automatically test that probability and consequence are set up correctly. The LinkGRC Incident Management Module may typically be implemented within 3-4 weeks.

DOCUMENT MANAGEMENT

CHALLENGE

Companies and organizations do not have proper control of critical documents. These may be documents on policies, procedures, process descriptions, etc. Problems may include:

• Documents in the right versions are hard to find when needed
• Documents are scattered in different locations
• Employees responsible for an important document are no longer employed
• Documents are not updated in line with current guidelines
• Documents are not approved at the appropriate organizational level

SOLUTION

You can gather all critical documents in one place and “pack them in” based on current guidelines for document management. Furthermore, you can link documents to areas such as roles, organization, processes, controls and other items. Overall, the organization gains an overview that supports a more efficient handling of documents and creates greater integrity of the content. Documents are stored securely and accessed in a straightforward way.

The LinkGRC Document Management Module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Automated workflows for review and approval of documents
• Overview and searches / analysis within documents for audit use
• Functions to ensure that updates are performed at the correct intervals
• Creation of document structures, with safe use of templates
• Logging / audit trails / version control in proportion to changes
• Role- and rights-managed access
• Reminders: Update alerts, empowered overruns, expiry dates, approval deadlines, etc.
• Documents can easily be linked to information in other LinkGRC modules such as risks, incidents and controls

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

PRODUCE YOUR DOCUMENTATION FAST AND EFFICIENT

IT RISK MANAGEMENT

CHALLENGE

IT departments and IT security of companies and organizations use many resources to manage risks. Employees make threat assessments and vulnerability analyses which are often reported in MS Office® tools. Many people face challenges including:

• Problematic version control – who has the latest version? Where is it located? What changes have been made?
• Unclear approval practice – who has approved? Where is the approval documented?
• Uncertain consistency – there is no guaranteed consistency and quality of the data between collection and further reporting
• Delays leading to possible errors - it often takes months between collecting information on risk and reporting to management and the Board
• Failure to align operational risk – the risk scenario is not aligned with existing categorizations and assessments

SOLUTION

You can easily support the relevant processes in a centralized system based on practice, allowing you to automate most of the information collection. The automated risk analysis in relation to the business processes, systems and data ensures that versions and amendments are automatically documented and authenticated. The solution ensures a short time interval from the collection of data to further reporting by systematizing the risk process. When linking IT and operational risks, the business and the IT function will be able to communicate more effectively with each other.

MAIN FEATURES

• Automated creation and management of risk data
• Maintenance of IT assets – e.g. systems and data
• Maintenance of vulnerabilities and threat catalog
• Categorization relative to internal or external reporting
• Support for gross and net values
• Easily accessible, role adapted and standardized reporting
• Effective overviews – “dashboards” with customer specific “KPIs”
• Integration with service desk tools to retrieve details of assets
• Flexibility in relation to company size, risk management culture and maturity
• Supported by the LinkGRC Solution Platform: Quality assurance of data, organization management, user management, automated reminders relating to data in other modules, and documentation (see separate product sheet for more information)

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

PROTECTION OF DIGITAL INFRASTRUCTURE IS KEY

The LinkGRC IT Risk Management Module may typically be implemented within 3-4 weeks.

ASSET MANAGEMENT

CHALLENGE

Many companies keep their assets managed in spreadsheets and documents. This presents a challenge with keeping these spreadsheets and documents updated with ownership, versioning, descriptions, criticality and so forth. This can prove a costly and lengthy manual workload. Furthermore, it can be very complicated to track the relationships of assets and how they handle the dataflow throughout the company.

SOLUTION

In order for companies to protect their data in an optimal way, it is imperative to be able to keep track of their whereabouts at all times. The Asset Management module helps with registering and monitoring assets, their relationships and their use, making it easier to identify and register which assets the company has, how they handle data and whether they are protected according to the data types they handle.

The LinkGRC Asset Management Module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Managing assets is made easy
• Relationships between assets, risk etc. can be clearly documented
• Ownership and criticality is managed easily
• Import from known sources from CMDBs, or setup of direct link.

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements. It is recommended to use the LinkGRC IT Risk Management Module together with the LinkGRC Asset Management module.

PROTECTION OF DIGITAL INFRASTRUCTURE IS KEY

MANAGING ASSETS MADE EASY

MITIGATION MANAGEMENT

CHALLENGE

Many businesses and organizations use decentralized management to take corrective action on conditions relating to the compliance area. This is comparable with observations, risks and failures in control. The actions taken may also relate to external audit, internal audit or oversight of the risk function. Often corrective actions are handled in silos and therefore an overview across departments may be lacking.

The value of information and efficiency is lost if you do not regularly update timelines, status and responsibility. Corrective actions will also not be linked to other checks or documentation that is being prepared. Therefore, it is often very difficult to provide management or supervisory staff with an accurate snapshot.

SOLUTION

You can collect all corrective actions in a central location and relate them directly to risks, controls or documentation. Doing so will give those responsible the necessary overview. The ownership can be placed where it belongs in the organization and progress and status can be followed by different stakeholders – e.g. management and supervisory boards.

FEATURES

• Manual creation of corrective actions
• Importing of corrective actions
• Description of the source – e.g. external auditors and the number of observations, etc.
• Monitoring of deadlines
• Automated links to other sources of information – e.g. controls, events, etc.
• Simple overviews with possibilities for further analyses in relation to the corporate department, employee, type, etc.
• Standardized reporting with the option to personalize
• Role-based access control, authentication and version control

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

COLLECT ALL CORRECTIVE ACTIONS AND RELATE THEM DIRECTLY TO RISKS, CONTROLS OR DOCUMENTS

SELFASSESSMENT

CHALLENGE

Companies and organizations use different compliance forms from various supervisory bodies for internal “pre-audits”. In addition, various project tools are needed to ensure documentation and to ensure that the response is current, updated and approved.

Often the focus is on distributing internal documentation, instead of focusing on whether the documentation is read and understood. In many cases it is also difficult to ensure an adequate level of information about where the documentation is located, and who is responsible.

It often takes months or years to ensure that the company has a consistent and efficient framework of understanding.

SOLUTION

You can apply the appropriate compliance forms from various supervisory bodies as active questionnaires. Responsibility for the answers may be delegated to designated domain experts. Using the LinkGRC Platform ensures that the answer to the questionnaire can be directly related to the appropriate information / documentation. Organizations will find that both a review and internal / external audits will be easier because everything is in one place with the compliance schedules as the focal point.

MAIN FEATURES

• Use of compliance forms from various supervisory bodies
• Developing self-assessment for the Board
• Developing questionnaires in relation to other elements of the LinkGRC Platform such as documentation, risk assessment or controls
• Simple overviews with possibilities for further analyses of corporate structure, departments, employees, types, etc.
• Standardized reporting with the option to personalize
• Role-based access control, authorization and versioning

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

Furthermore, it is advantageous to set up the questions and answers in relation to the documents to test the organization’s information or level of understanding. Implementation of new policies or procedures, for example, can therefore be followed up based on who has read and/or understood the new announcements.

SECURITY INCIDENT MANAGEMENT

CHALLENGE

Many companies handle their security incident management process manually, which makes it difficult to maintain an overview, to manage the process, and to make sure that security incidents are handled in a timely manner according to their criticality. The process is typically mail-based, with evidence collected either internally or with the assistance of third parties.

SOLUTION

The LinkGRC Security Incident Management module assists the security incident managers with tracking and follow-up activities on security incidents. Each incident can be delegated, tracked and managed, and escalation can occur based on the criticality of the incident, like a Security Incident SLA.

All changes and approvals are tracked in the module, to ensure transparency.

The LinkGRC Security Incident Management Module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Easy to create and work with your Security Incidents
• Delegation for collection of evidence from organization or third parties possible
• Possible to automatically create Security Incidents based on information from other systems like CSIS Ecrime, Service Management systems etc.
• Notifications when something changes or is about to expire, based on the metrics that have been set up
• Track ownerships and changes to security incidents

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

CONTRACT MANAGEMENT

CHALLENGE

Many companies keep their contracts managed in spreadsheets and on file shares, limiting the possibilities of ensuring that all contracts are managed in a timely manner and that the contracts can be found when needed. Furthermore, the risks and control environments set up to cover the contracts can be difficult to document and review because the different information is presented in silos.

SOLUTION

The solution is built to create the necessary overview of contracts, including ownership, deadlines and version history. To use all resources optimally, it is important to create an overview and to risk-assess the requirements within the contracts. In this way you can set up controls from the beginning to ensure compliance.

Contract Management from LinkGRC can support this workflow and create the necessary visibility and control appliance.

The LinkGRC Contract Management Module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Easy to create and work with your contracts
• Notifications when something changes or is about to expire
• Track ownerships and changes to contracts
• Have one single repository of the truth
• Perform risk assessments related to the contract (LinkGRC risk module)
• Setup controls to minimize risks identified in the contracts (LinkGRC control module)

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

EASY TO CREATE AND WORK WITH YOUR CONTRACTS

RISK IDENTIFICATION, CONSOLIDATION AND QUANTIFICATION MODULE

CHALLENGE

With increasing requests from management about risk overviews of the company’s focus areas and daily operations, corporate risk coordinators are put under pressure to identify areas which they in many cases do not have the necessary knowledge about. It therefore becomes a collaboration with many different players, often with a lengthy process of meetings crisscrossing the organization. The processes are repeated at a regular frequency in order to maintain the necessary risk overview and location of the ownership.

SOLUTION

The Risk Identification, Consolidation and Quantification module helps the risk coordinator to quickly get started with the identification of risks with the help of subject-specific experts in the organization. Once the risks are identified, the risk coordinator centrally consolidates any risks that are repeated throughout the organization. Finally there is the possibility, with the same experts attending, to quantify the consolidated risks.

The Risk Identification, Consolidation and Quantification module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Easily create and initiate risk identification process
• Workflow based
• Simple and quick overview of the current status of initiated processes
• Smooth consolidation and quantification process
• Customizable to the company’s risk models

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

EASILY CREATE AND INITIATE RISK IDENTIFICATION PROCESS

INSURANCE MANAGEMENT

CHALLENGE

Insurances are often managed in spreadsheets and on file shares throughout companies, limiting the possibilities of ensuring that all insurances are managed in a timely manner and that the insurances can be found when needed. Having the insurances visible to all parties is also a benefit from the perspective of having the full risk overview, by mapping risks, controls and insurances together in the ERM setup.

SOLUTION

The solution is developed to create the necessary overview of insurances, including but not limited to ownerships, deadlines for re-negotiation and version history. To give the risk owners, management and Board of Directors the overview of the residual risk picture, this module is often linked to other modules such as the LinkGRC Risk module.

The LinkGRC Insurance Management Module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Easy to create and work with your insurances
• Notifications when something changes or is about to expire
• Track ownerships and changes to insurances
• Have one single repository of the truth
• Give the risk owners, management and Board of Directors the correct residual risk picture and make it visible where insurances are missing

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

EASY TO CREATE AND WORK WITH YOUR INSURANCES

EVENT LOG MANAGEMENT

CHALLENGE

Log entries covering, for example, privileged account usage, unsuccessful logins and other key log measure points defined by the company’s logging and monitoring frameworks can be difficult to manage and document on a timely basis. Furthermore, the evidence related to controls for the logging and monitoring area is typically collected in mails and files stored on file shares. This makes the process very time consuming, and it is difficult to get a status overview.

SOLUTION

The solution has been developed to ensure compliance towards internal policies, procedures and control frameworks covering the logging and monitoring area. Once the daily logs have been retrieved into the LinkGRC Event Log Management module, it is easy to generate an overview of breaches which need follow-up activities. All follow-up activities can be carried out from within the system, such as mail to users who potentially have breached policies and procedures, for evidence such as links to changes or incidents.

The LinkGRC Event Log Management Module may typically be implemented within 3-4 weeks.

MAIN FEATURES

• Setup of rules to highlight events that need attention
• Import of log entries from sources in known formats like Windows Event logs
• Case management where the organization is able to answer and upload evidence to support the log entry.
• Version control
• Dashboard and reporting functionality.
• Functionality to group a set of events (usually if an operation is carried out within a few seconds by the same user on the same system, it’s likely the events are connected).

REQUIREMENTS

The module runs on all standard IT platforms. The ‘LinkGRC Platform – Hardware Requirements’ product sheet describes system requirements.

ENSURE COMPLIANCE TOWARDS INTERNAL POLICIES, PROCEDURES AND CONTROL FRAMEWORKS


GRAPHS AND REPORT


GRAPHS AND REPORT FOR REPORTING CENTER AND REPORT GENERATION

LinkGRC ApS

Jagtvej 223, 4th floor DK-2100 Copenhagen

P: +45 7022 3280
@: [email protected]
www.linkgc.com

January 2016, 1st edition