GRC

15-12-2020

The software platform for compliance with new regulatory requirements
Back in the early 1900s, if people had been asked which transportation system they desired, they would have answered “faster horses”, simply because they had not yet experienced the car. In the same way, GRC software is the current vehicle for corporate governance development.

Today’s landscape in compliance
We live in an age where the legal and regulatory framework is constantly expanding and becoming more stringent. Many regulatory obligations are now a necessity for businesses, and non-compliance with them leads to severe sanctions and fines:
• GDPR, ePrivacy for all businesses
• PSD2 for electronic payments
• A plethora of new regulations
In this context, the role of internal control and regulatory compliance is no longer supportive but fundamental:
• For the continuance of organizations’ functions
• To avoid large fines
• To integrate technological developments into productive operations
Risk-based approach
The risk-based approach has been integrated into every compliance framework, calling on the organization to demonstrate that it has a reliable, systematic, repeatable risk assessment methodology and uses it to make important decisions and implement risk control measures. Both the main production processes and the support processes of a company or an organization are required to be based on an effective assessment of the risks that affect them.
The principle of accountability, also due to the GDPR, has entered the management agenda of organizations, as they are called upon to ensure its effective implementation. The use of specialized compliance software in the fields of Governance, Risk and Compliance makes it a one-way road!
PRIORITY’s approach
PRIORITY has created a modular platform with solutions for organizations of all sizes. Its main functions are:
Compliance with GDPR
• Creating Processing Activity Records by recording the required fields, updating and approving them.
• Recording and managing Data Subject Rights Requests.
• Recording and managing Personal Data Breach cases.
• Recording contracts with Processors and evaluating risks to the protection of personal data in cooperation with third parties.
• Conducting an Impact Assessment Study for processing activities that pose a high risk to data subjects.
• Recording and managing complaints that require investigation and documentation of the case.
• Attaching files for the necessary documentation, such as contracts, applications from individuals, etc.

Risk Management
• Enterprise Risk Management
• Operational Risk
• Information Security Risk
• Business Continuity Risk
• Financial Risk
• Unified handling and management of risk
• Support for multiple methodologies
• Ability to run scenarios and simulations to select the best control measures
• Assignment and monitoring of actions to executives
• Continuous supervision of the overall risk profile of the organization

Audit Management
• Audit Universe: recording control areas, criticality and risk assessment to develop the control program
• Standard checklist library
• Audit implementation and collection of evidence
• Documentation of findings and recommendations
• Assign and monitor corrective actions
• Compliance Reports and Statistics

Compliance Management
• Implementation and codification of legal and regulatory framework requirements
• Correlation to specific documentary material
• Detection of discrepancies
• Assignment and monitoring of compliance actions
• Dashboards that present statistical results through easy-to-use visual presentation tools, with the ability to export reports to monitor compliance
• Personalized update on the tasks that each user is assigned to perform

Suppliers Management
• Third party management and evaluation
• Monitoring of contractual obligations through audits, Service Level Compliance (SLA) and failure logging
• Support for on-the-spot checks using a mobile phone or tablet

Adaptation to business needs
• Web-based, multilingual application, with support for running tasks on mobile devices (e.g. smartphone, tablet, etc.)
• Creating workflows for company-supported processes by assigning roles for logging, reviewing and approving logs
• Customization to adapt to the core elements of organizations in order to facilitate users in creating new subscriptions to the various platform modules

Luxury or need?
• GRC functions are a Boardroom subject.
• Compliance is a collective effort of all the staff of every company, not just the DPO or the auditor.
• Strategic objectives and performance metrics are supported by monitoring the level of risk of the activities.
• Specialized software minimizes bureaucracy and ensures implementation of the accountability principle.
• After all, GRC is not just for multinationals and groups, but for any business that is facing technological and legal challenges!

GRC Framework
PRIORITY’s GRC software platform has the following subsystems:
• Risk Management
• GDPR
• Compliance Management
• Audit Management
• Quality Management
• Survey Management
• Incident Management
• Business Continuity
• Information Security Risk Management
• Supplier Management
• ITSM
• Whistleblowing Management
• Data Analytics for Knowledge Management
Each GRC subsystem can operate on its own or in combination with any of the others, thanks to the GRC Framework, which integrates the user system, security groups, report generator, all subsystem parameter files and a huge library of compliance standards.

The GRC Framework, which serves all GRC subsystems, has:
• An entirely user-friendly environment, easy to understand and efficient to operate. It gives users complete freedom to determine the UI they work with: which language to work in, which titles to use for the fields, which fields will be mandatory and which will be visible.
• A security system that ensures the protection and integrity of data through multiple levels of access. The system has multiple levels of security and protects the confidentiality, integrity, accuracy and availability of data, while fully complying with the GDPR. Special procedures record all entries and changes in a dedicated audit file (audit trail), with the aim of absolute traceability of critical actions. The system has authentication and authorization mechanisms.
• Passwords are stored in hashed form, using a hashing algorithm.
• The security of transmitted information is ensured by an encryption mechanism.
• Support for the HTTPS and TLS/SSL protocols.
• Audit trail mechanisms and extensive logging, compatible with international standards.
• A data integrity control system.
• Mechanisms for checking the validity and quality of data, with immediate warning messages on the work screen.
• Automation of functions to ensure speed, accuracy, quality control and data consistency.
• Electronic signature support
• Workflow structure that guides users through a specific procedure for completing fields, and only if they have been assigned the appropriate role. Users are informed by e-mail so that they can carry out the next step of each procedure, which automates the procedures and saves time.
• Dashboard so that users can edit the results of individual actions, monitor the current situation, and make decisions using standard reports, graphs and presentation tools to communicate the compliance process.
• Task list, so that users can monitor the tasks assigned to them and monitor their status.
• KPIs & Reports: authorized users can apply multiple filters to define KPIs and detailed reports and export them to popular programs. Indicative ways of displaying the results are:
• Bar chart
• Pie chart
• Price Table
• Numerical results (e.g. average, minimum / maximum value, sum, percentages, number of answers)