Governance, Risk and Compliance Management [GRC]                    Integrated Corporate and IT Governance.
The solution allows organizational alignment at strategic,                                                      tactical, ...
MAIN FEATURES• Automates the establishment, management and communication of the corporate and IT strategic plan;• Enables ...
Compliance Mapping to Main Governance Frameworks                        High-Level Mapping of Guidance to Cobit Processes ...
SOFTEXPERT EXCELLENCE SUITE                                                                           COMPANYSoftExpert is...
Upcoming SlideShare
Loading in …5
×

Gestión de Gobierno, Riesgos y Reglamentaciones (GRC)

613 views

Published on

SoftExpert GRC Suite - Gestión Gobierno, Riesgos y Reglamentaciones - ofrece una estructura del gobierno corporativo que posibilita la toma de decisiones eficaces y cambios de comportamiento organizacional Ofrece a la organización una implementación viable y eficiente del gobieno corporativo y de TI.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
613
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Gestión de Gobierno, Riesgos y Reglamentaciones (GRC)

  1. 1. Governance, Risk and Compliance Management [GRC] Integrated Corporate and IT Governance.
  2. 2. The solution allows organizational alignment at strategic, tactical, and operational levels. At the same time, it automates and manages the most essential processes related to a variety of activities, including setting strategic goals, key performance indicators, risk management, process management, project management, service management, applying metrics and controls, audits, and corrective actions. SoftExpert GRC Suite CORPORATE GOVERNANCE Mission/Vision Strategic Strategic Risk Process Quality Values/Strategies Initiatives Planning Management Management Management Goals/Metrics Management Corporate Performance Management Monitoring and Control SOX / COSO / BASEL II Strategic Alignment IT GOVERNANCE Mission/Vision Strategic IT Strategic Risk Process Quality Values/Strategies Initiatives Planning Management Management Management Goals/Metrics Management Human Projects and Incident and Configuration Capacity andITSM Financial Resource Services Problem and Change Availability Management Management Management Management Management Management IT Performance Management Monitoring and Control COBIT / ISO 20000 (ITIL) / ISO 27001 / PMBOK / CMMI SoftExpert GRC Suite •Corporate Solution •Compliance •Modular/Incremental Implementation •Framework Convergence •Avoid Application Silos •Decrease TCO •Avoid Extra Integration Costs •Accelerate ROI •Facilitate Users Training
  3. 3. MAIN FEATURES• Automates the establishment, management and communication of the corporate and IT strategic plan;• Enables the company to actively monitor current performance against goals;• Totally compliant with the BSC (Balanced Score Card) methodology;• Manages enterprise and IT risks;• Risk framework can easily be configured to a variety of organizational structures or methodologies;• Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership, and monitoring progress against goals;• Provides program, portfolio and project management for Corporate and IT investments;• Ready to use, project management process aligned to standard PMBOK approach;• Automated task assignments, routing, escalation, review, and approval;• Provides a framework for defining and managing IT services;• Easy-to-use catalog service builder;• Generic and customizable workflow engine to structure the service flows and activities;• SLA (Service Level Agreement) Automation and Management;• Automates and manage third-parties and suppliers services and evaluation;• Automates the process of recording, assessing and prioritization of change requests;• Provides a workflow to authorize changes;• Audit history always accessible;• Maintains any related process and project documentation in a secure centralized system;• Retains documents according to company policy, from 24 hours to several years or longer;• Ensure processes are defined, planned, documented, monitored and controlled;• Processes can be carried out under controlled conditions: documented instructions, in-process controls, and approval of processes and controls;• Audits are planned and performed;• All findings are corrected and registered;• Manage any required corrective action;• Ensure corrective actions are carried out on time.• Automates the full cycle of recording, classification, investigation and diagnose of incidents and problems;• Review and disposition of nonconforming processes or controls is formalized;• Keep records of defects, the investigation of their cause and the corrective actions;• Schedules training sessions on user-defined calendars - weekly, monthly, or annually - with automatic display of training needs that are pending in a certain period of time;• Displays all scheduled training sessions through timesheets, spreadsheets, and Gantt charts;• Provides tools for all kinds of competence evaluation.
  4. 4. Compliance Mapping to Main Governance Frameworks High-Level Mapping of Guidance to Cobit Processes * SoftExpert GRC Suite COBIT Process COSO ITIL ISO 27001 PMBOK CMMI Performance Risks Portfolio Project Document Process/WF Action Audit Training Maintenance PO1 Define a Strategic IT Plan + - - - - S S S S PO2 Define the Information Architecture + - + - - M M PO3 Determine Technological Direction + + + - - M PO4 Define the IT Processes, Organization and Relationships + + + - - S S PO5 Manage the IT Investment + + - + - S S PO6 Communicate Management Aims and Direction + - + - - S S S S PO7 Manage IT Human Resources + - + - - S S PO8 Manage Quality - - - + + S S S PO9 Assess and Manage IT Risks + - + + + S S S PO10 Manage Projects - - - + + S S S S S S AI1 Identify Automated Solutions + - - - - M M AI2 Acquire and Mantain Application Software + - + - + S S S AI3 Acquire and Mantain Technology Infrastructure + - + - - S S AI4 Enable Operation and Use + + + - - S S AI5 Procure IT Resources - - - + - M AI6 Manage Changes + + + - + S S S AI7 Install and Accredit Solutions and Changes + + + - + S S DS1 Define and Manage Service Levels + + - - - S S S S DS2 Manage Third-Party Services - + + - - S S S S DS3 Manage Performance and Capacity + + + - - M M DS4 Ensure Continuous Service + + + - - M M DS5 Ensure Systems Security + + + - - M M DS6 Identify and Allocate Costs - + - - - M M DS7 Educate and Train Users + - + - + S S DS8 Manage Service Desk and Incidents - + + - - S S S DS9 Manage the Configuration + + + - + M DS10 Manage Problems - + - - + S DS11 Manage Data + + + - + M DS12 Manage the Physical Environment + - + - - DS13 Manage Operations - - + - - S S S S S S ME1 Monitor and Evaluate IT Performance - - + - + S S S S ME2 Monitor and Evaluate Internal Control - - + - - S S ME3 Ensure Regulatory Compliance + - - - - S S ME4 Provide IT Governance + - + - - S S S S S S S S S * Source: IT Governance Institute (ITGI) (+) Frequently Addressed Compliance: M Medium (partially compliant) Main (-) Not or Rarely Addressed S Strong (totally or mostly compliant) SupportCompliance to government and industry regulations, along withincreasingly demanding service management requirements, aredriving the need for stronger Corporate and IT Governance.These mounting demands can lead to higher costs, which, inturn, result in a need for greater control. Organizations must finda way to gain control of their IT service management capabilities,while aligning them with the needs of the business.SoftExpert GRC Suite provides a governance framework toenable effective decision making and behavioral changes. Itsupports best-practices framework convergence (SOX, COSO,COBIT, ISO 20000/ITIL, ISO 27001, PMBOK) and providesviable and effective implementation of both corporate and ITgovernance in your organization.
  5. 5. SOFTEXPERT EXCELLENCE SUITE COMPANYSoftExpert is the global leader in the field of excellence and compliance management software. More than 1,500companies worldwide trust SoftExperts solutions to streamline their work processes, simplify tasks and manageinformation. Developed for any type of business in a wide range of industries, SoftExpert solutions help companies reducecosts, minimize risks, improve performance and gain the flexibility to respond to changing business needs.By focusing on people and building lasting relationships with its customers and partners, the company excels at guidingcustomers through all aspects of implementation. SoftExperts mission is to continually develop innovative solutions thatsimplify operational effectiveness and keep customers in control of their business. Customer focus is a core component ofthe corporate culture and continues to be one of the key reasons why SoftExpert maintains a strong market presence.www.softexpert.comsales@softexpert.comSoftExpert is a registered trademark of SoftExpert Software for Business Excellence. Software for Business ExcellenceAll information contained in this brochure is subject to change without prior notice.

×