CML Group GRCaaS Dashboard


Transcript of CML Group GRCaaS Dashboard

Page 1: CML Group GRCaaS Dashboard

GRCaaS

Governance Risk Compliance as a Service

GRC Automation Simplified and Affordable

Page 2: CML Group GRCaaS Dashboard

Business Management Consulting

GRC Solution

Page 3: CML Group GRCaaS Dashboard

OCEG GRC Technology Strategy & Maturity Survey

Results from 273 respondents to the OCEG 2014 GRC Technology Strategy Survey show:

Page 4: CML Group GRCaaS Dashboard

Governance Risk Compliance Simplified

The CMLgroup GRCaaS solution provides all the tools to build an efficient, collaborative enterprise GRC program within your organization.

GRCaaS allows you to:

• Manage Risk
• Demonstrate compliance
• Automate business processes
• Gain visibility into corporate risk and security controls
• Access real time, intuitive, interactive, customizable, role-based GRC Dashboards

Page 5: CML Group GRCaaS Dashboard

CMLgroup GRCaaS Framework

• Risk: Set up Risk Management Program. Identify Assets, Threats, Vulnerabilities and Controls
• Policy: Map and track your Policies, Procedures, Guidelines and Standards
• Vulnerability: Scan and document your organization’s technical compliance controls
• Vendor: Track third-party vendors, and OSP. Identify and mitigate risk
• Process: Track and manage business processes, automatically feed to risk, audit and compliance programs
• Audit: Automatically populate audit field and eliminate manual internal & external controls verification
• Reporting: Real time, intuitive and interactive customizable, role based Dashboards
• Training: Integrate courseware with controls, and streamline course completion
• Incident Management: Track and report information security incidents
• Compliance: Fully automated compliance. Automatic updates to regulatory Requirements

Page 6: CML Group GRCaaS Dashboard

Banking and Finance Guidance

Page 7: CML Group GRCaaS Dashboard

Payment Card Guidance

Page 8: CML Group GRCaaS Dashboard

Sarbanes Oxley Guidance

Page 9: CML Group GRCaaS Dashboard

US Federal Security Guidance

Page 10: CML Group GRCaaS Dashboard

Individual Employee Compliance Tasks

Page 11: CML Group GRCaaS Dashboard

Customize Executive Dashboards

Page 12: CML Group GRCaaS Dashboard

Customize Drill Down Reporting

Page 13: CML Group GRCaaS Dashboard

Identify Regulatory Compliance at a glance

• Left Pie chart: assessment in progress, review and approved
• Right Pie chart: assessment controls status, Passed, Failed, Not Responded, Not Applicable
• Bar chart: Assessment Level, Inherent Risks and Inherent Compliance levels
• Bar chart: Assessment by Regulatory Compliance progress status

Page 14: CML Group GRCaaS Dashboard

Who is responsible?

Select Assessment Status In Progress (Pie Chart blue section). The information window shows Finance and United States having the most failed controls.

Page 15: CML Group GRCaaS Dashboard

Who is accountable?

Filter by division Finance, see Details. Compliance Manager has the most assessments in progress, the majority overdue by more than 30 days, followed by Dario Acosta, with all assessments overdue. Outliers shown in Days Past Due (red column) clearly map priorities: who has to do what.

Page 16: CML Group GRCaaS Dashboard

Inherent Risk Analysis

Healthy High/Low risk ratio, where low is about three times the High level. However, there are 19 assessments in progress listed as Not Assessed. It presents a large potential risk. Assessment Risk becomes priority along with completing overdue assessments.

Page 17: CML Group GRCaaS Dashboard

Organization’s Assessment Status

Assessment status by division. Compliance Rating shows status based on org thresholds. The four-quadrant chart below shows Completion/Passed ratio. Bubble size is driven by the number of controls per division.

Page 18: CML Group GRCaaS Dashboard

Risk Sources and Types

Risk sources by Asset Type, further analyzed by status New, Open and Close. Tap on Asset Type to see Risk Types such as Audit Findings, Failed Control, Incident, Risk and Vulnerability.

Page 19: CML Group GRCaaS Dashboard

Assessments Common Controls

Controls by Sources and Parents - Banking and Finance Guidance. The network map on the right shows common controls between Regulations, FEIC Audit and Bank Secrecy Act. Therefore, passing these controls increases inherent compliance for both Regulations.

Page 20: CML Group GRCaaS Dashboard

Assessment Regulatory Compliance/Impact Zone

• Assessment by Regulatory Compliance shows organization’s regulations status
• Assessment by Impact Zone shows status by organization’s GRC groups

Page 21: CML Group GRCaaS Dashboard

Affordable GRC

• Automate manually intensive tasks
• User generated reports
• Simplified data collection
• Automate business processes
• Easy to train new personnel
• User customizable dashboards
• Designed to enhance your existing process
• Does not force you to implement large-scale process changes

Page 22: CML Group GRCaaS Dashboard

GRC Simplified

• A cloud-based service with no software to buy, install, and maintain
• IT support not needed
• Runs on the highly scalable Salesforce.com platform so it’s always available and accessible
• 2-day installation
• Free no-obligation trial so you can try before you buy

Page 23: CML Group GRCaaS Dashboard

GRCaaS by CMLgroup

User Interface

• Customizable, interactive reports
• Real-time Mobile Dashboard
• An intuitive setup process
• Easy Ongoing Management

Unified Compliance Framework (UCF)

• Thousands of Citations
• Regulations from hundreds of Authorities
• Guaranteed currency with all global standards and regulatory mandates

A complete, integrated suite of IT GRC management

• Risk Compliance
• Policy, Training
• Audit
• Vendor
• Incident Response
• Vulnerability Management
• Process

Built-in integration and support services

• Configuration and deployment
• Product support
• Baseline consulting

Optional Services and strategic consulting

• Risk assessments, vulnerability assessments
• IT audit and much more

Cloud-based delivery

• Enterprise-class solution without the need for capital investment or additional personnel.

Page 24: CML Group GRCaaS Dashboard

GRCaaS Solution enables:

Complete Risk Posture insight

• Real time reporting and Executive Dashboards
• Actionable items generated by analytics and KRI

Automation and Streamlining

• Streamlined information security & compliance operations
• Enhanced access and end-to-end integration

Simplified User Interface

• Intuitive initial setup provides built-in and step-by-step guides
• Subject matter expertise is embedded into GRCaaS’s robust wizards

Automate Compliance

• Supports over 700 authorities & over 25,000 citations and regulations
• Maps the organization’s industry-specific requirements to standard GRCaaS Controls

Cloud Based Strategic

• Scalability, Reliability and Performance with a Cloud Performance
• Standardized security, Customizable, Real-Time upgrades

Page 25: CML Group GRCaaS Dashboard

CMLgroup GRCaaS

Contact us today to discuss your IT-GRC requirements

+ 1 646 [email protected]