Scroll Top

About

GRC-Boxx

Governance

Governance refers to the internal process by which policy is set and decision making is executed by the company’s executives and managerial levels.

 

Governance as a Process

GRC-Boxx facilitates Supervisory Boards and higher management to structure and document their processes (agenda items, decisions, actions, risks).

This gives supervisors the ability to better protect themselves against liability.

Transparency

GRC-Boxx supports the dialogue among the several internal boards and stakeholders and possibly also external regulators and stakeholders.

Documenting these decision-making processes creates a culture of transparency and responsibility.

Single Source of Truth

GRC-Boxx builds a collective memory, becoming the single-source of the truth, about important business decisions, risks and actions.

Contract Management

Contracts and Agreements can be digitally filed in GRC-Boxx. A review process allows these to be re-evaluated or re-negotiated timely, thus improving/managing relations, improving a contract’s financial terms and minimizing contractual risks.

Procurement

Organisations are unique and so is their procurement process. GRC-Boxx embraces this by allowing organisations to create and optimise their procurement processes. In this manner, separate customised processes can be applied per type of procurement and are thoroughly documented.

Risk Management as a Process

GRC-Boxx contains a best-of-breed Risk Management process:

  • Anyone within the organisation can identify and report a risk
  • Risk managers are notified to assess and classify the risk and decide on its mitigation
  • Relevant controls can be created and implemented
  • Tasks and actions can be linked
  • Risks are reviewed until considered and marked as managed.

Incident Management as a Process

GRC-Boxx facilitates Incident registration and orchestration of follow-up actions.

  • Anyone within the organisation can identify and report an incident
  • Incident managers are notified to assess and classify the incident and decide on follow-up steps
  • Incident resolution is a customised process by the organisation that can be applied per type of incident (data breach, security incident, calamity/disaster)
  • Tasks and actions can be linked

RISK MGT

Risk Management is an organisation’s ability to effectively and cost-efficiently mitigate risks that can hinder an organisation’s operations or ability to remain competitive.

COMPLIANCE

Compliance refers to the process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or external laws, regulations, standards and agreements.

Compliance as a Process

GRC-Boxx enables organisations to:

  • organise and maintain their compliance documentation (e.g. their Information Security Management System) and their entire compliance (i.e. controls, evidence, audits, etc.);
  • formalise and digitise compliance-related procedures, which can then be repeatedly executed and monitored;
  • provide reliable evidence; for instance, registrations with customisable collection periods during which actors and/or teams can upload evidence and/or findings.

Compliance frameworks

GRC-Boxx is a standard-agnostic solution. It supports any laws & legislation, regulations, and standards (internal and external, country-specific and international, industry-specific or sector-imposed) that can be brought down to requirements.

Requirements can be marked as applicable/not-applicable and associated with controls, for which evidence will be collected.

In a digital ecosystem, requirements can also be delegated to other organisational entities (departments, sub-organisations or sibling-organisations).

Included frameworks

GRC-Boxx includes and supports a steadily increasing number of frameworks/standards, such as:

AICPA – SOC2ISO 9001IATF 16949EU – GDPR
CIS – CSCISO 14001VDA ISAEU – MDR
COBIT 5ISO 27001VDA TISAXNL – BIO
NIST CSFISO 45001 NL – NEN7510
NIST SP.800ISO 50001PCI DSSNL – NEN7512

Continuous improvement

GRC-Boxx supports a Plan-Do-Check-Act cycle for continuous improvement of all compliance elements (controls & evidence), but also a simpler recurring Review cycle.

Other improvement cycles can and will be added when necessary.

Internal and external improvements

GRC-Boxx architecture allows requirements to be linked to controls which, in their turn, are linked to evidence. This makes it extremely useful for internal or external audits. An auditor decides on the scope of the audit and can then follow the links to the supplied evidence.

GDPR Compliance

GRC-Boxx comes with built-in support for the European Union’s and the UK’s General Data Protection Regulations, including:

  • GDPR-Wizard to quickly become and stay compliant
  • Document management and Evidence collection
  • Records of Processing Activities
  • Data-Subject Requests with customisable procedures
  • (Contract and) Agreement management
  • Consent-form filing

PS. The GDPR module can be hidden if not necessary.

Supply-Chain / Vendor Compliance

GRC-Boxx can efficiently manage your compliance requests:

  • Select the recipients
  • Ask questions or request a document to be returned
  • Include a document template (optional)
  • Send the request(s)
  • Monitor the progress, possibly sending reminders
  • Approve responses, or resend rejected ones

Audit as a Process

GRC-Boxx supports both internal and external audits.

Audit items’ findings, recommendations, and judgements can be recorded and in case a non-conformity has been found, corrective actions can be started and monitored until their completion, when a re-audit can be performed.

Internal audits

Internal audits can be performed within an organisation to verify the efficiency of own adopted procedures and check for possible shortcomings, ensuring compliance with laws and regulations and standards in a more casual environment and with lower stakes.

GRC-Boxx audits can be created for:

  • Requirements of a standard (all or a selection thereof)
  • Controls (all or a selection thereof)
  • Assets
  • Evidence items, such as testing a process against all applicable requirements

External audits

External audits (also known as third-party audits) are performed by impartial auditors and can be called objective assessments of organisational procedures and provide transparency and confidence to interested parties that your organisation is truly running an effective and compliant management system.

External auditors can be invited to an organisation’s GRC-Boxx and be given rights to a specific audit and all related evidence. It is also possible to grant rights for continuous auditing to an external auditor, thus not relying on their on-site presence for the audit.

AUDITS

An audit provides credibility to an organisation’s compliance statements. This is done to ensure sufficient compliance with requirements and to track and improve the efficiency of your operational processes.

Request a presentation
Our website uses cookies from third-party services to improve your browsing experience.
Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our Privacy Notice. The link can be found in the footer area of this window.
Required
Tracking
We use Google Analytics to understand how visitors engage with our website . If you don’t want Google Analytics to be used in your browser, you can install the ‘Google Analytics Opt-Out Browser Add-On’, provided by Google.
Required
Google Maps
This website uses Google Maps to display our office address and provides directions to our offices from a location supplied. If you do not ask for directions, your location will not be tracked.
Privacy Notice