
The GRC Toolbox Pro is an integrated and centralized software solution that optimally supports the step-by-

Digital Management of Governance, Risk, Compliance, ICS and Security

www.swissgrc.com


Solutions and Use Cases

Holistic solution base for organisation-wide GRC

  • CMS
  • Data Security
  • Directives
  • Integral Safety
  • Work Safety
  • ISMS
  • ICS
  • Audit
  • ERM
  • ORM
  • IT-RM
  • BCM
  • Policy Management
  • Compliance
  • GRC Security
  • Governance
  • Risk Management
  • Contract Management
  • Physical Security


The GRC Toolbox: many features that make your work considerably easier

Extendable at any time, integrally applicable and individually expandable!

  • Predefined and customizable workflows
  • Predefined and customizable reports
  • Comprehensive automation and monitoring capabilities (notifications, tasks, reminders, escalations)
  • Comprehensive role, user and permission management
  • Seamless integration with Active Directory, MS Exchange, MS Office
  • Full-text search of all contents
  • Customizable and meaningful dashboards
  • Collaboration features
  • Notification functions (email, SMS)
  • Task management
  • Complete document management (DMS) with electronic archiving, etc. for the management of specifications, proofs, processes and other documents


Internal Control System, ICS Software - digital and automated

The GRC TOOLBOX PRO provides you with valuable support in evaluating the extent of the coverage of your Internal Control Systems and their effectiveness.

  • Suitable documentation for your Internal Control Systems (ICS)
  • File storage for your ICS-relevant documentation (directives, processes, verifications, etc.)
  • Definition of your control environment (organisational structure, processes, tasks, responsibilities, etc.)
  • Integration of the ICS-relevant corporate processes
  • Evaluation of ICS-relevant risks
  • Definition of the control mechanisms including automatic task assignment (task, email)
  • Completion and confirmation of the controls by the responsible party
  • Addition of verifications and documentation for non-compliance
  • Reminder and escalation mechanisms
  • Clear and transparent ICS results and reporting
  • Management of your ICS thanks to the integrated ICS Dashboard


ICS 2.0

« The GRC Toolbox developed by Swiss GRC enables Zugerberg Finanz to operate its internal control systems simply, quickly and transparently. The automated actions simplify the oversight and management of the controls we’ve implemented and inform us immediately of any risks, controls and the resulting changes. As well, Swiss GRC’s specialists are highly competent

daily business with best practices, customised solutions and expert knowledge. »

Zugerberg Finanz AG


Risk Management Software – Everything you need

Risk Management Software – Risk management is an important component of corporate management.

GRC Toolbox Pro supports you in each aspect of risk management. Whether it’s enterprise risk management (ERM), operational risk management (ORM) or IT risk management (ITRM), the GRC Toolbox Pro enables you to manage all categories of risk simply and effectively.

  • Identification of risks, description of the type, the causes and the effects
  • Analysis of the identified risks based upon their likelihood and possible effects
  • Risk assessment according to previously defined risk acceptance criteria
  • Risk management and response through intervention
  • Integration with Internal Control Systems (ICS)
  • Risk categorisation and aggregation (incl. multi-client capability)
  • Risk monitoring thanks to reminder notices and workflows
  • Pre-defined risk reports and the option of customising your own reports (Report Designer)
  • Risk Management Dashboard for intuitive visualisation of your data


Risk Management

« Thanks to the Swiss GRC solution, known in-house as Tool-RM, we can centrally manage the areas of Risk Management, IT

»


Information Security / ISMS Software

Systematically Manage and Improve Information Security

The GRC Toolbox Pro provides you with the support you need in developing and operating an information security management system (ISMS) according to ISO/IEC 27001 norms. The GRC Toolbox Pro is the perfect

27001 and other norms are fully supported by the GRC Toolbox Pro’s feature set.

  • Manage documents relevant to information security (regulatory requirements, verifications)
  • Optimise information security risks, for example based on ISO 27001 or ISO 27005
  • Capture and track your information security measures and procedures
  • Create and classify your Asset Inventory incl. inheritance of security permissions
  • Security Incident Management
  • Exception Management
  • Create your Statement of Applicability (SoA)
  • Run Gap analyses and audits based on ISO 27001 and ISO 27002
  • Evaluate your information security compliance
  • Visualise your information security with reports and the dashboard


Compliance Software – Quickly implement legal and regulatory requirements. Effectively manage and monitor them too.

Compliance Software – your organisation is impacted by a large number of internal and external guidelines

effective Compliance Management (System) according to best practices (ISO 19600).

  • Identify and adhere to legal and compliance requirements
  • Analysis of compliance risks
  • Define and monitor control measures
  • Manage relevant norms and regulations such as codes of conduct, process descriptions and instruction guidelines
  • Monitor the adherence to compliance requirements with assessments and internal audits
  • Manage compliance breaches and strive for continuous improvement
  • Monitor compliance measures
  • Reminder and escalation notices
  • Record all compliance management procedures
  • Simple compliance reports and the option of customising your own reports (Report Designer)
  • Compliance Dashboard for the intuitive visualisation of your compliance activities and results
  • In addition: contract management and directives management with audit-compliant archiving functions


Data Protection Software

The GRC Toolbox Pro provides you with the support you need in developing and operating a data security

data security are fully supported by the GRC Toolbox Pro’s feature set.

  • Management of documents relevant to data protection and security
  • Centralised oversight of data security requirements
  • Optimisation of data security risks
  • Tracking of data protection measures
  • Creation and classification of your Asset Inventory incl. inheritance of security permissions
  • Security Incident Management
  • Creation of your Statement of Applicability (SoA)
  • Running gap analyses based on DPCO, for example
  • Evaluation of your data security compliance
  • Visualisation of your data protection with reports and the dashboard


Contract management

Contracts are critical to organisations. Thanks to the GRC Toolbox Pro, you can store and manage your contracts across their lifecycle in a controlled and organised manner. The contracts, their details and any attachments can be centrally and transparently managed.

  • Central repository for your contracts, including a clear overview
  • Recording of key contract data (parties, notice periods, amounts payable)
  • Full search, filter and grouping options
  • Automatic monitoring of deadlines and notice periods
  • Contract resubmission options
  • Reminder and escalation procedures
  • Multi-step revision and approval workflows
  • Audit-compliant electronic archiving
  • Comprehensive role-based access controls
  • Reports and Dashboard provide clear overviews


Manage and Circulate your Directives Safely and Transparently

An organisation’s directives management system must regulate and incorporate all internal instructions and document all processes. That’s precisely how the GRC TOOLBOX PRO supports you through the lifecycle of a

  • Create, edit and manage directives centrally and transparently
  • Review, approve and publish directives (directives workflow)
  • Store metadata and use it to filter, sort, group or search documents (including full text searches), among others
  • File standardised document templates (template management)
  • Edit directives client-side in Microsoft Word or online using Microsoft Web Apps
  • Seamless integration with Microsoft Office products means you can easily use interactive features such as Outlook calendar syncing, Excel exports, document sharing, etc.


Internal Audit Management and Follow-up

resulting risks and measures (Follow-up).

  • Central documentation of internal and external audits (year plan)
  • Specification of the affected organizational units, processes and risks
  • Distribution of audit assignments and audit documents to the persons involved
  • Description and evaluation of the findings
  • Recording and assigning measures to fix the findings
  • Automatic distribution and monitoring of revision tendencies, measures
  • Standardized reporting on the audits, findings and measures
  • Clear evaluations with reports and dashboard


SWISS GRC DAY


Once a year, governance, risk management and compliance (GRC), related challenges, trends, as well as solutions and tools are the focus of an afternoon industry event. Experts share their knowledge with you, reveal tips, draw attention to developments and present solutions for current problem areas.

Visit our website at www.swissgrcday.ch for all information about the next Swiss GRC Day.
