eGRC - Management System

the intelligent, integrated and automated GRC software solution for your company!
The Data-Driven-Solution "embedded GRC" (short form: eGRC) is the core product of GORISCON GmbH and enables companies of any size and industry a targeted and efficient implementation in different areas such as Information Security, Data Protection and Risk Management through IT-supported processes.

We offer a common database, so that your previous standards, guidelines and assessments are linked and you gain quality and time as a result. This enables you to identify and manage your risks at any time.

With eGRC, you can bring transparency and security to your company.

Features

Advantages

Saves time

eGRC significantly reduces centralization and implementation through its integrated workflow and provision of ready-to-use templates.

Leverage automation

eGRC automates all workflows your company faces in an implementation or lifecycle.

Easy to customise

GORISCON provides eGRC with various requirements such as ISO 27001, GDPR, KRITIS, and more. However, it is not limited to these requirements alone. Customers can personlise and add requirements that correspond to their internal risk framework.

Audit-Ready

eGRC is an audit-ready solution and gives auditors a central overview of how Information Security and Data Protection are managed in the organisation.

ISO/IEC 27005 Based Risk Assessment

The Risk Assessment module meets all requirements of the ISO/IEC 27005 risk assessment standard. We guarantee our customers that the risk assessment process in eGRC more than meets industry best practices.

Supported norms and standards:

  • DSGVO
  • BSI basic protection
  • NIST
ISO standards:
  • ISO/IEC 27001 - Information Security Management System(ISMS)
  • ISO/IEC 27005 - IT Rik Analysis & Risk Management
  • ISO 9001 - Quality Management
  • ISO 14001 - Environmental Management
  • ISO 31000 - Risk Management
  • ISO 80001 - Risk Management for Networked Medical Technology

Industry standards:

Financial Services Industry:
  • MaRisk
  • BAIT / VAIT / KAIT
  • DORA / EBA Guidelines
Automotive:
  • VDA / TISAX
Healthcare:
  • B3S

Risk management

Effective Risk Management enables you to make conscious decisions about which corporate risks should be the focus of the business, which risks can be accepted and which risks need to be counteracted. Irrespective of the origin of the risks, you obtain constant transparency for your organisation by taking a holistic view.

Information Security Management

Information Security Management integrates business concerns with necessary steps to protect valuable assets from loss, manipulation or damage. Secure your expertise! The workflow-based ISMS is accompanied by essential and integrated sub-processes of the ISMS such as an index-based reporting system, security incident management and other processes that enable sustainable management.

Data Protection Management

Data protection is an ongoing task for every enterprise and institution. Therefore, eGRC supports the Data Protection Officer in integrating Data Protection Management into the organisation. Accompanied by a multitude of important process steps, procedural activities can be generated directly, information on data protection can be documented and order processing can be identified. By intelligently linking Data Protection Management with Information Security Management, resources can be demonstrably conserved and quality significantly increased.