Governance, Risk and Compliance Management [GRC]
Integrated Corporate and IT Governance.

The solution allows organizational alignment at strategic, tactical, and operational levels. At the same time, it
automates and manages the most essential processes related to a variety of activities, including setting strategic
goals, key performance indicators, risk management, process management, project management, service
management, applying metrics and controls, audits, and corrective actions.

[Diagram: SoftExpert GRC Suite]

CORPORATE GOVERNANCE
• Strategic Planning
• Mission/Vision, Values/Strategies, Goals/Metrics
• Risk Management
• Strategic Initiatives Management
• Process Management
• Quality Management
• Corporate Performance Management: Monitoring and Control
• SOX / COSO / BASEL II

Strategic Alignment

IT GOVERNANCE
• IT Strategic Planning
• Mission/Vision, Values/Strategies, Goals/Metrics
• Risk Management
• Strategic Initiatives Management
• Process Management
• Quality Management
• ITSM: Human Resource Management, Projects and Services Management, Incident and Problem Management,
 Configuration and Change Management, Capacity and Availability Management, Financial Management
• IT Performance Management: Monitoring and Control
• COBIT / ISO 20000 (ITIL) / ISO 27001 / PMBOK / CMMI

SoftExpert GRC Suite

• Corporate Solution
• Modular/Incremental Implementation
• Avoid Application Silos
• Avoid Extra Integration Costs
• Facilitate Users Training
• Compliance
• Framework Convergence
• Decrease TCO
• Accelerate ROI

MAIN FEATURES

• Automates the establishment, management and communication of the corporate and IT strategic plan;

• Enables the company to actively monitor current performance against goals;

• Totally compliant with the BSC (Balanced Scorecard) methodology;

• Manages enterprise and IT risks;

• Risk framework can easily be configured to a variety of organizational structures or methodologies;

• Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership,
 and monitoring progress against goals;

• Provides program, portfolio and project management for Corporate and IT investments;

• Ready to use, project management process aligned to standard PMBOK approach;

• Automated task assignments, routing, escalation, review, and approval;

• Provides a framework for defining and managing IT services;

• Easy-to-use catalog service builder;

• Generic and customizable workflow engine to structure the service flows and activities;

• SLA (Service Level Agreement) Automation and Management;

• Automates and manages third-party and supplier services and evaluation;

• Automates the process of recording, assessing and prioritizing change requests;

• Provides a workflow to authorize changes;

• Audit history always accessible;

• Maintains any related process and project documentation in a secure centralized system;

• Retains documents according to company policy, from 24 hours to several years or longer;

• Ensure processes are defined, planned, documented, monitored and controlled;

• Processes can be carried out under controlled conditions: documented instructions, in-process controls, and approval
 of processes and controls;

• Audits are planned and performed;

• All findings are corrected and registered;

• Manage any required corrective action;

• Ensure corrective actions are carried out on time.

• Automates the full cycle of recording, classification, investigation and diagnosis of incidents and problems;

• Review and disposition of nonconforming processes or controls is formalized;

• Keep records of defects, the investigation of their cause and the corrective actions;

• Schedules training sessions on user-defined calendars - weekly, monthly, or annually - with automatic display of
 training needs that are pending in a certain period of time;

• Displays all scheduled training sessions through timesheets, spreadsheets, and Gantt charts;

• Provides tools for all kinds of competence evaluation.

Compliance Mapping to Main Governance Frameworks

                        High-Level Mapping of Guidance to COBIT Processes *                                                                        SoftExpert GRC Suite
                         COBIT Process                          COSO    ITIL   ISO 27001 PMBOK   CMMI Performance   Risks      Portfolio    Project    Document    Process/WF   Action   Audit   Training   Maintenance
  PO1 Define a Strategic IT Plan                                 +       -        -       -       -        S                       S           S           S
  PO2 Define the Information Architecture                        +       -        +       -       -                                                        M           M
  PO3 Determine Technological Direction                          +       +        +       -       -                                                        M
  PO4 Define the IT Processes, Organization and Relationships    +       +        +       -       -                                                        S           S
  PO5 Manage the IT Investment                                   +       +        -       +       -                                S           S
  PO6 Communicate Management Aims and Direction                  +       -        +       -       -        S                                                   S                     S     S
  PO7 Manage IT Human Resources                                  +       -        +       -       -                                                            S                                    S
  PO8 Manage Quality                                             -       -        -       +       +                                                            S                     S     S
  PO9 Assess and Manage IT Risks                                 +       -        +       +       +                     S                      S                                     S
  PO10 Manage Projects                                           -       -        -       +       +                     S          S           S               S                     S              S
  AI1 Identify Automated Solutions                               +       -        -       -       -                                            M                       M
  AI2 Acquire and Maintain Application Software                  +       -        +       -       +                                            S               S       S
  AI3 Acquire and Maintain Technology Infrastructure             +       -        +       -       -                                                                    S                                         S
  AI4 Enable Operation and Use                                   +       +        +       -       -                                                            S                                    S
  AI5 Procure IT Resources                                       -       -        -       +       -                                                            M
  AI6 Manage Changes                                             +       +        +       -       +                                            S               S       S
  AI7 Install and Accredit Solutions and Changes                 +       +        +       -       +                                            S                                     S
  DS1 Define and Manage Service Levels                           +       +        -       -       -                                            S               S       S             S
  DS2 Manage Third-Party Services                                -       +        +       -       -                     S                      S               S       S
  DS3 Manage Performance and Capacity                            +       +        +       -       -                                            M                       M
  DS4 Ensure Continuous Service                                  +       +        +       -       -                                                            M                                    M
  DS5 Ensure Systems Security                                    +       +        +       -       -                                                            M                                    M
  DS6 Identify and Allocate Costs                                -       +        -       -       -                                            M                       M
  DS7 Educate and Train Users                                    +       -        +       -       +                                                            S                                    S
  DS8 Manage Service Desk and Incidents                          -       +        +       -       -                                            S                       S             S
  DS9 Manage the Configuration                                   +       +        +       -       +                                                            M
  DS10 Manage Problems                                           -       +        -       -       +                                                                                  S
  DS11 Manage Data                                               +       +        +       -       +                                                            M
  DS12 Manage the Physical Environment                           +       -        +       -       -
  DS13 Manage Operations                                         -       -        +       -       -                                            S               S       S             S              S            S
  ME1 Monitor and Evaluate IT Performance                        -       -        +       -       +        S                                   S                       S             S
  ME2 Monitor and Evaluate Internal Control                      -       -        +       -       -                                                                                  S     S
  ME3 Ensure Regulatory Compliance                               +       -        -       -       -                                                                                  S     S
  ME4 Provide IT Governance                                      +       -        +       -       -        S            S          S           S               S       S             S     S        S

 * Source: IT Governance Institute (ITGI)
 Guidance mapping: (+) Frequently Addressed; (-) Not or Rarely Addressed
 Compliance: M = Medium (partially compliant); S = Strong (totally or mostly compliant)
 Main; Support

Compliance with government and industry regulations, along with
increasingly demanding service management requirements, is
driving the need for stronger Corporate and IT Governance.
These mounting demands can lead to higher costs, which, in
turn, result in a need for greater control. Organizations must find
a way to gain control of their IT service management capabilities,
while aligning them with the needs of the business.

SoftExpert GRC Suite provides a governance framework to
enable effective decision making and behavioral changes. It
supports best-practices framework convergence (SOX, COSO,
COBIT, ISO 20000/ITIL, ISO 27001, PMBOK) and provides
viable and effective implementation of both corporate and IT
governance in your organization.

SOFTEXPERT EXCELLENCE SUITE

COMPANY

SoftExpert is the global leader in the field of excellence and compliance management software. More than 1,500
companies worldwide trust SoftExpert's solutions to streamline their work processes, simplify tasks and manage
information. Developed for any type of business in a wide range of industries, SoftExpert solutions help companies reduce
costs, minimize risks, improve performance and gain the flexibility to respond to changing business needs.

By focusing on people and building lasting relationships with its customers and partners, the company excels at guiding
customers through all aspects of implementation. SoftExpert's mission is to continually develop innovative solutions that
simplify operational effectiveness and keep customers in control of their business. Customer focus is a core component of
the corporate culture and continues to be one of the key reasons why SoftExpert maintains a strong market presence.

www.softexpert.com
sales@softexpert.com

SoftExpert is a registered trademark of SoftExpert Software for Business Excellence.
All information contained in this brochure is subject to change without prior notice.
