gestión de gobierno, riesgos y reglamentaciones (grc)
DESCRIPTION
SoftExpert GRC Suite - Gestión Gobierno, Riesgos y Reglamentaciones - ofrece una estructura del gobierno corporativo que posibilita la toma de decisiones eficaces y cambios de comportamiento organizacional Ofrece a la organización una implementación viable y eficiente del gobieno corporativo y de TI.TRANSCRIPT
Governance, Risk and Compliance Management [GRC]
Integrated Corporate and IT Governance.
SoftExpert GRC Suite
CORPORATE GOVERNANCE
StrategicPlanning
Mission/Vision Values/StrategiesGoals/Metrics
Risk Management
StrategicInitiatives Management
Process Management
Quality Management
SOX / COSO / BASEL II
StrategicAlignment
IT GOVERNANCE
IT StrategicPlanning
Mission/Vision Values/StrategiesGoals/Metrics
Risk Management
StrategicInitiatives Management
Process Management
Quality Management
HumanResourceManagement
Projects andServicesManagement
Incident andProblemManagement
Configurationand ChangeManagement
Capacity andAvailabilityManagement
Financial Management
IT Performance Management
Monitoring and Control
Corporate Performance Management
Monitoring and Control
COBIT / ISO 20000 ( / PMBOK / CMMIITIL) ISO 27001 /
The solution allows organizational alignment at strategic,
tactical, and operational levels. At the same time, it
automates and manages the most essential processes
related to a variety of activities, including setting strategic
goals, key performance indicators, risk management,
process management, project management, service
management, applying metrics and controls, audits, and
corrective actions.
SoftExpert GRC Suite
•Corporate Solution
•Modular/Incremental Implementation
•Avoid Application Silos
•Avoid Extra Integration Costs
•Facilitate Users Training
•Compliance
•Framework Convergence
•Decrease TCO
•Accelerate ROI
ITS
M
MAIN FEATURES
• Automates the establishment, management and communication of the corporate and IT strategic plan;
• Enables the company to actively monitor current performance against goals;
• Totally compliant with the BSC (Balanced Score Card) methodology;
• Manages enterprise and IT risks;
• Risk framework can easily be configured to a variety of organizational structures or methodologies;
• Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership,
and monitoring progress against goals;
• Provides program, portfolio and project management for Corporate and IT investments;
• Ready to use, project management process aligned to standard PMBOK approach;
• Automated task assignments, routing, escalation, review, and approval;
• Provides a framework for defining and managing IT services;
• Easy-to-use catalog service builder;
• Generic and customizable workflow engine to structure the service flows and activities;
• SLA (Service Level Agreement) Automation and Management;
• Automates and manage third-parties and suppliers services and evaluation;
• Automates the process of recording, assessing and prioritization of change requests;
• Provides a workflow to authorize changes;
• Audit history always accessible;
• Maintains any related process and project documentation in a secure centralized system;
• Retains documents according to company policy, from 24 hours to several years or longer;
• Ensure processes are defined, planned, documented, monitored and controlled;
• Processes can be carried out under controlled conditions: documented instructions, in-process controls, and approval
of processes and controls;
• Audits are planned and performed;
• All findings are corrected and registered;
• Manage any required corrective action;
• Ensure corrective actions are carried out on time.
• Automates the full cycle of recording, classification, investigation and diagnose of incidents and problems;
• Review and disposition of nonconforming processes or controls is formalized;
• Keep records of defects, the investigation of their cause and the corrective actions;
• Schedules training sessions on user-defined calendars - weekly, monthly, or annually - with automatic display of
training needs that are pending in a certain period of time;
• Displays all scheduled training sessions through timesheets, spreadsheets, and Gantt charts;
• Provides tools for all kinds of competence evaluation.
PO4 Define the IT Processes, Organization and Relationships
PO6 Communicate Management Aims and Direction
High-Level Mapping of Guidance to Cobit Processes *
PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO5 Manage the IT Investment
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects
AI1 Identify Automated Solutions
AI2 Acquire and Mantain Application Software
AI3 Acquire and Mantain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes
DS1 Define and Manage Service Levels
DS2 Manage Third-Party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations
ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Regulatory Compliance
ME4 Provide IT Governance
COBIT Process COSO
+
+
+
+
+
+
+
-
+
-
+
+
+
+
-
+
+
+
-
+
+
+
-
+
-
+
-
+
+
-
-
-
+
+
ITIL
-
-
+
+
+
-
-
-
-
-
-
-
-
+
-
+
+
+
+
+
+
+
+
-
+
+
+
+
-
-
-
-
-
-
ISO 27001
-
+
+
+
-
+
+
-
+
-
-
+
+
+
-
+
+
-
+
+
+
+
-
+
+
+
-
+
+
+
+
+
-
+
PMBOK
-
-
-
-
-
-
-
+
+
+
-
+
-
-
-
+
+
-
-
-
-
-
-
+
-
-
-
-
-
+
-
+
+
+
-
-
-
-
+
-
-
+
+
+
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CMMI
SoftExpert GRC Suite
Performance Risks Portfolio Project Document Process/WF Action Audit Training Maintenance
S S S S
M
S
M
S S
S
S
S
M
S S S
SS
S
SS
S S S S S
S S
S
S
M M
SS
S
S
S
M
S
S S
S
S
S
S
M
S
S
S
S
S
M
M
M
M
S
S
S
S
M
S
S
M
M
SS
S
S S S S S S S S
S
S
SS
S
S
S
S
S
S
S
S
S
M
M
S
S
* Source: IT Governance Institute (ITGI) (+) Frequently Addressed
(-) Not or Rarely Addressed
Compliance: M
S
Medium (partially compliant)
Strong (totally or mostly compliant)
Main
Support
Compliance Mapping to Main Governance Frameworks
Compliance to government and industry regulations, along with
increasingly demanding service management requirements, are
driving the need for stronger Corporate and IT Governance.
These mounting demands can lead to higher costs, which, in
turn, result in a need for greater control. Organizations must find
a way to gain control of their IT service management capabilities,
while aligning them with the needs of the business.
SoftExpert GRC Suite provides a governance framework to
enable effective decision making and behavioral changes. It
supports best-practices framework convergence (SOX, COSO,
COBIT, ISO 20000/ITIL, ISO 27001, PMBOK) and provides
viable and effective implementation of both corporate and IT
governance in your organization.
Software for Business Excellence
SoftExpert is a registered trademark of SoftExpert Software for Business Excellence.All information contained in this brochure is subject to change without prior notice.
SoftExpert is the global leader in the field of excellence and compliance management software. More than 1,500
companies worldwide trust SoftExpert's solutions to streamline their work processes, simplify tasks and manage
information. Developed for any type of business in a wide range of industries, SoftExpert solutions help companies reduce
costs, minimize risks, improve performance and gain the flexibility to respond to changing business needs.
By focusing on people and building lasting relationships with its customers and partners, the company excels at guiding
customers through all aspects of implementation. SoftExpert's mission is to continually develop innovative solutions that
simplify operational effectiveness and keep customers in control of their business. Customer focus is a core component of
the corporate culture and continues to be one of the key reasons why SoftExpert maintains a strong market presence.
SOFTEXPERT EXCELLENCE SUITE
COMPANY