¶ Navigating the GRC360 Platform
To get started with GRC360, follow the steps below:
- Login to the GRC360 Platform by following the instructions in our guide Unlocking GRC360.
If you are having issues logging into the GRC360 platform, please contact Exium team at support@exium.net for help
- Once logged in, you'll land on the GRC homepage (screenshot below), giving you easy access to our intuitive GRC platform.
In the following sections, we will explain in detail each of the menu items of the GRC360 platform.
¶ Overview
Welcome to a comprehensive assessment management platform where you can oversee your assessments over time effectively.
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Overview | Analytics |
Governance: Gain a holistic perspective through the governance tab to view a consolidated overview. Explore an applied controls ranking score and a watch list at the bottom of the governance tab to stay informed about upcoming deadlines for applied controls or risk acceptances. |
| Risk: You can focus on risk in this dedicated tab or have a global view from the governance one. | ||
| Compliance: You can focus on compliance assessment in this dedicated tab or have a global view from the governance one. | ||
| Composer: A specialized tab for cross-referencing analytics derived from different risk assessments, amplifying the depth of your insights. | ||
| Calendar | Utilize the integrated calendar to monitor the Estimated Time of Arrival (ETA) for upcoming or expired applied controls and risk acceptances, ensuring proactive management of your assessments. |
¶ Context
Unlock the Power of Context in Risk and Compliance Management
In the dynamic realm of risk and compliance management, establishing context is key to navigating challenges effectively. Dive into key elements like Threats, Reference Controls, Applied Controls, and Assets to fortify your security posture and ensure regulatory adherence seamlessly.
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Context | Threats | Understand the potential causes of incidents that could compromise security or disrupt business operations. Leverage Threats to clarify the purpose of requirements and applied controls, enhancing assessments and decision-making processes effortlessly. |
| Reference Controls | Streamline control management by utilizing Reference Controls as templates for applied controls. Achieve consistency and efficiency in control implementation, drawing from existing templates or creating bespoke ones to suit your specific needs. | |
| Applied Controls | Central to compliance and remediation, Applied Controls form the bedrock of your risk management strategy. Derived from Reference Controls for uniformity or developed independently, these controls play a vital role in ensuring compliance with organizational standards. | |
| Assets |
Identify and safeguard valuable organizational resources – whether digital or physical – with a focus on Assets. From customer records to intellectual property, assets encompass diverse data types crucial to your business success. Classify assets as Primary (core resources) or Support (indirect aids) to align resource allocation with strategic objectives effectively. |
¶ Governance
Optimize Governance Practices with GRC360's Cutting-Edge Solutions
In the realm of governance, establishing a strong foundation for assessments is paramount to driving effective cybersecurity strategies. From policies to risk matrices, GRC360 offers innovative tools to streamline governance processes and bolster security measures with precision.
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Governance | Policies | Enhance your cybersecurity framework by housing essential policies within GRC360. Policies, a crucial subset of applied controls, delineate stakeholder expectations crucial for upholding a secure environment. Centralizing your cybersecurity policies within GRC360 not only ensures swift access for compliance assessments but also facilitates seamless policy lifecycle management to meet evolving organizational needs effectively. |
| Risk Matrices |
Navigate risk landscapes confidently with GRC360's sophisticated risk matrix feature. By assessing risk levels based on the interplay of probability and impact, our risk matrix tool provides a comprehensive understanding of potential scenarios. While organizations typically rely on official risk matrices, GRC360 offers the flexibility to choose the most suitable matrix for each assessment. Whether leveraging standard matrices or multiple custom variants, our platform accommodates your preferences. Once an assessment is initiated, select your desired risk matrix to drive precision and informed decision-making throughout the risk evaluation process. |
¶ Risk
Drive Informed Decision-Making with GRC360's Advanced Risk Management
Delve into the heart of risk analysis and management with GRC360, where every aspect - from defining risks to potential acceptance - is seamlessly orchestrated to empower organizations in their cybersecurity journey.
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Risk | Risk Assessment |
Embark on a journey of risk assessment within your projects, encapsulating a multi-faceted approach:
|
| Risk Scenarios | Define and refine risk scenarios effortlessly within the risk assessment view or through a dedicated space catered to shaping and evolving risk scenarios uniquely. | |
| Risk Acceptance | Navigate risk acceptance decisions confidently with GRC360's streamlined workflow for managing formal approvals. Stay in control by overseeing risk acceptances and ensuring they align with organizational risk tolerance levels through structured approval processes. |
¶ Compliance
Experience streamlined compliance management, precise assessments, and robust evidence tracking with GRC360. Elevate your compliance practices, reinforce your control implementations, and showcase your commitment to regulatory standards with confidence
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Compliance | Framework | At the core of GRC360 lies the framework, serving as the foundation for compliance standards such as ISO27001:2022. Effortlessly import frameworks from our library to align with industry best practices. |
| Audit | Assess your compliance status with your chosen framework using various status updates that span from 'To Do' to 'Compliant'. Tracking progress and compliance levels has never been clearer, ensuring a meticulous assessment of requirements with ease. | |
| Evidence | Evaluate compliance requirements seamlessly through requirement assessments. Leverage evidence - descriptions, links, or files - to substantiate compliance statuses and demonstrate control implementation effectively. Associate evidence with applied controls or requirement assessments effortlessly, strengthening your compliance stance. |
¶ Organization
Unlock the power of structured organization within GRC360's dynamic customer/client workspace.
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Organization | Domains | Explore dedicated domains within each customer/client workspace, seamlessly integrated to enhance clarity and efficiency in your operations. Each domain mirrors the workspace name, offering a cohesive organizational structure. |
| Projects | Projects serve as the cornerstone context objects defined within GRC360, grouped under respective domains. From the design phase to end-of-life considerations, projects encompass key stages to streamline risk and compliance assessments effectively. Enhance project management precision, optimize analytics, and minimize noise by categorizing assessments to drive informed decision-making. | |
| Users | Discover a comprehensive list of users, each playing a pivotal role within the organization, ensuring seamless collaboration and workflow efficiency. | |
| User Groups | Elevate user permissions and scope definitions through strategic user group configurations. GRC360's Role-Based Access Control (RBAC) model simplifies user management, aligning roles with permissions while establishing clear domain boundaries for enhanced security and control. |
¶ Extra Tools
Unleash Enhanced Assessment Monitoring with GRC360's Extra Tools
|
Menu item |
Sub-item |
Description |
|---|---|---|
| Extra Tools | X-rays |
Dive into the powerful X-rays feature, a centralized hub meticulously designed to identify and rectify inconsistencies across your assessments within each project. Benefit from three distinct report types:
|
| Scoring Assistant | Empower your risk identification process with the intuitive Scoring Assistant, leveraging the renowned OWASP Risk Rating Methodology. Seamlessly determine risk levels for various scenarios by selecting technical or business impact parameters and providing accurate responses to pertinent questions. Elevate risk assessment precision and facilitate informed decision-making effortlessly. | |
| Libraries | Access a comprehensive array of compliance framework libraries, preloaded and at your fingertips within GRC360. Seamlessly leverage these libraries to streamline compliance efforts, optimize framework utilization, and drive compliance excellence efficiently. |
Empower your clients with Exium’s GRC platform and ensure they meet global cybersecurity compliance standards. Contact us today at partners@exium.net to learn more about how our solution can streamline compliance management and enhance security posture across diverse regulatory frameworks.