Compliance management helps to measure, report and ensure that policies and regulatory requirements are implemented across the organization and beyond. The VirtueSpark Enterprise Cloud for GRC helps to increase efficiency and effectiveness of compliance management activities on all levels through integration, automation and execution at scale.
Integration in operational processes and test automation
Controls are not only a way to measure compliance maturity. Firstly, they are means to ensure that processes and activities are performed according to the defined rules. Assigning controls to processes and assets allows for integration into automated workflow management so that the controls are automatically triggered, every time the process is executed. This helps to ensure the controls are executed and also to measure and monitor compliance during operations. As a result, testing can be automated and compliance monitoring can be performed at any point in time.
Control assessments at scale
The compliance solution allows a high level of flexibility and scaling. The ability to map compliance requirements to specific assets and processes allows for example to apply controls related to country specific requirements only to those elements that are really affected.
Further, control assessments can be scaled from high-level impact assessments over more detailed questionnaires down to detailed assessments that include tests and sampling. This way, the resources can be applied specifically where they are required.
Whether it is SOX, HIPPA or any other regulation, the compliance solution allows to perform the full set of required control activities to comply with regulatory requirements. That includes planning, scoping, assessment scheduling, self-assessments, detailed tests, evidence storage, escalations and reporting.
Third party compliance
Third party compliance can be managed in different levels of details. Generated supplier self-assessments can be generated and filled in by the supplier online. Detailed supplier assessments and visits can be organized, performed and documented using the VirtueSpark Enterprsie Cloud for GRC.
Third party compliance and related risk exposure can be compared across suppliers and evaluated against impact on risks and objectives.