In common with many regulatory compliance challenges, we tend to address them as a series of assessments and other activities:
- Initial assessment to find out where we are with compliance and what the initial risk is. This is carried out by a combination of self-assessment and audit.
- Follow up activity to close off the gaps and issues from the initial assessment
- Risk management to accept, mitigate, and transfer to arrive at the residual risk.
- Regular self-assessed controls activity.
- Regular Key Performance Indicator collection and analysis
- Ad-hoc change-based assessment (projects/ change management)
- Periodic re-assessment to find out whether we still in overall compliance.
For GDPR and Data Protection, we suggest the following:
- Assess the organisation using a GDPR Controller framework
- Assess suppliers and services using a GDPR Processor framework
- Assess change projects using a Data Processing Impact Assessment (DPIA)
- Assess the organisation for general security and data protection using such control frameworks as CIS
- Utilise any other frameworks either from our libraries or upload your own.
Together with HydraGRCs standard facilities:
-
Software as a Service
-
Online Self-assessment
-
Online Audit
-
Online Follow ups and closure
-
Online Risk Management
-
Multiple framework/Enterprise Risk Management
-
Program Management with auto scheduling
-
Relationship based Asset Model
-
Framework loading and online authoring.
-
Free of charge example Frameworks
-
Audit trails
-
Document Management
-
Configuration Management
-
Deployed in Microsoft Azure with SSL and fully encrypted database and documents
- White-labelling to blend in with your branding
