Our customer provides care to the elderly. Sometimes for a short while, sometimes longer, sometimes forever. Our customer runs fifteen locations and one rehabilitation center, all located in the northern province of Fryslân in the Netherlands. Our customer wants to be at the forefront of innovations in (elderly) care.
Our customer is obliged to comply with the EU General Data Protection Regulation (GDPR). Personal data, including medical information, are at the core of their daily operations and have to be protected at all times. The GDPR requires a number of registrations (such as keeping records of processing activities) and procedures (such as handling data-subject requests and responding to (suspected) data-breaches).
Our customer also needed a solution to help reduce the administrative burden of managing contracts and agreements, as well as consent, and to help put in place a solid procurement process. Additionally, our customer considers certifying against NEN 7510, which is the Dutch standard for information security for healthcare organisations and supersedes ISO 27001.
Our customer chose GRC-Boxx primarily because of its support for GDPR compliance. However, it soon became obvious that GRC-Boxx would also have a positive effect on other processes, such as contract management and procurement. Being able to design and implement procedures on the fly, is a key strength of the solution!
Controls are supported by “evidence” in the form of documents uploaded in GRC-Boxx or links to other systems, registrations that need to be filled-in, and procedures that have to be followed. The entire organisation can be involved in the process, as tasks can be assigned as necessary, monitored by GRC-Boxx which sends reminders and triggers the appropriate escalations if necessary. Sustaining a high level of organizational involvement is necessary when in the process of becoming or staying compliant in regulated business environments.
GRC-Boxx offers additional functionality, like: