
OMNITRACKER GRC Center

OMNITRACKER Governance, Risk and Compliance Center

Lead organizations successfully, legally compliant and in line with standards

With OMNITRACKER Governance, Risk and Compliance Center (GRC Center), you manage your organization (companies, public institutions, NGOs, etc.) successfully and profitably while demonstrably complying with all necessary laws, standards and other compliance requirements. Use a central multistandard solution to manage all your compliance requirements, audits, controls and risk management. All information is available to you exactly when you have to make decisions. Even organization-specific or industry-specific regulations can be easily mapped and complied with. The objective of the GRC Center is the profitable, transparent and holistic management of your organization, based on integrated risk treatment and continuous improvement.

What does Governance, Risk and Compliance (GRC) mean?

Good (i.e., simultaneously low-risk and profitable) corporate management consists of three action levels: governance, risk management and compliance. Due to the overlap in content and the interaction of the individual areas, it makes sense to rely on an integrated GRC solution for software-supported implementation. This allows you to monitor your existing processes, structures, corporate values and IT infrastructure in the best possible way, and optimize them with regard to all GRC aspects.

  • Governance: In the area of governance, you define qualitative and quantitative objectives, shape relationships with your stakeholders, and manage your most important contracts. In a broader sense, it is also about the legally regulated responsibility of an organization and the commitments it has made. The other two areas, risk management and compliance, support you in achieving your defined targets and in complying with all (legal) regulations.
  • Risk management: Software-supported risk management covers the early identification and the systematic collection, analysis and assessment of risks. It also covers the choice of a risk strategy (avoid, reduce, transfer, accept) and the iterative treatment of each risk. All business risk types have to be considered, e.g. strategic risks, market risks, default risks, compliance risks and operational risks. In this context, risks are defined as events that influence the achievement of the company's objectives. In risk analysis, the dimensions risk cause, impact (amount of damage) and probability are relevant. The primary objective of risk management is to keep the number and severity of all potential risks as low as possible so that business targets can be met more predictably.
  • Compliance: Compliance means adherence to internal and external requirements. These requirements may be (international) laws, regulations and standards or (internal company) codes of conduct. This consciously controlled adherence to rules is aimed at avoiding legal sanctions or damage to the company's image, as well as increasing the quality and predictability of business activities. Checklists, management systems and industry-specific standards, as well as generally applicable legal requirements, serve as control elements. GRC software helps with the complete and documented implementation of all compliance regulations, since thousands of individual requirements have to be met in parallel.

Corporate management has to deal with complex distributed and interlinked levels of relationships. These include supraregional and multinational business relationships, legal and social rules, business units and locations with different objectives as well as the controlled implementation of processes. In every process within an organization, the most diverse manifestations of these influences interact with each other—each with its own individual requirements. With the GRC Center, you maintain an overview of this network of requirements and relationships. At the same time, you comply with all standards and regulations in a structured manner, which will ensure your business success.

You can find everything you need to know about OMNITRACKER GRC Center in a nutshell in our factsheet.

Download Factsheet

Advantages of software-supported "Governance, Risk & Compliance" management

Advantages at a glance:

  • Central and expandable multistandard solution
  • Minimize risks of all kinds
  • Reliably achieve business objectives & identify potential
  • Use synergies & save resources
  • Structured processes thanks to ITIL & ISO-compliant implementation
  • Internal & external GRC control system

Beyond a certain complexity and severity of the requirements placed on your organization, the demands in the areas of governance, risk management and compliance can only be implemented and proven efficiently with a single software solution. Managing all requirements in one central GRC solution with a uniform database exploits synergies. This is particularly relevant for critical infrastructure (CRITIS) companies, on which the legislator imposes the strictest requirements. The OMNITRACKER Governance, Risk and Compliance Center acts as an integrated platform that combines several management and control systems.

Expandable multistandard solution for all norms, standards and regulations

In order to be able to include further requirement catalogs of (ISO) norms and standards, the functional scope of the OMNITRACKER GRC Center can be easily and flexibly extended or adapted at any time. This is necessary, for example, when compliance with new standards must be ensured due to changes in legislation or when security-relevant processes are restructured. Even out of the box, the most important standards can be implemented efficiently, enabling a step-by-step introduction to the topic of governance, risk and compliance. The flexibility of the multistandard solution as a platform provides you with long-term investment security, as you only need to set up your system and asset structure once. After that, you can continue to expand it continuously and flexibly according to your needs.

Systematically analyze, assess, prioritize and minimize risks in a structured manner

Risk analyses are a mandatory part of implementing numerous industry standards, ISO specifications and ITIL practices. Since the overall risk management process is very complex, it makes sense to break it down into standardizable, easy-to-implement sub-processes. The individual steps are carried out reliably and documented by the risk management software. Automated workflows ensure that regular analyses, assessments, monitoring and implementation of all action steps are carried out dependably. Thanks to a customizable choice of risk strategy, you keep the impact of risks low. In the same way, the probability of sanctions or the amount of potential damages is reduced. Moreover, you benefit from optimized planning certainty, as you can better identify risks and assess their impact.

Achieve business objectives reliably and use optimization potential

With measurable and transparent target achievement, optimization cycles and the minimization of potential risks, you ensure in the best possible way that you achieve your agreed business goals. The PDCA concept (Plan - Do - Check - Act; also continuous improvement) is applied directly or indirectly in the implementation of several ISO standards. The goal is continuous process improvement and safe achievement of your business objectives. In the “Plan” phase, target values are set, the current situation is evaluated and measures to achieve the targets are defined. After a period of business operation (“Do”), the current state is compared against the defined target state (“Check”). With the help of a structured, data-based analysis, changes are made to the measures as needed (“Act”) to ensure continuity and further development. This cyclical approach helps to achieve and improve your business objectives, with risk management supporting this process.

Use synergies and save resources

You use only one central solution for all GRC-relevant tasks. Because the contents of numerous ISO standards overlap, overlapping topics need to be processed only once for all standards. Furthermore, the time required for the preparation, execution and follow-up of audits, for example, is significantly reduced. Automated processes with BPMN reduce the susceptibility to errors and accelerate processing, so that the ROI is achieved more quickly. You can also share your expertise within your organization via knowledge databases and an integrable document management system. This makes dealing with risks, compliance regulations or recurring requirements easier and more uniform.

ISO- and ITIL-compliant implementation of your GRC strategy

ITIL is used to improve the quality of services and to make underlying processes reproducible. The requirements of the ISO standards and the recommendations of the ITIL best practices were taken into account during the development of the OMNITRACKER Governance, Risk and Compliance Center.

Audit-proof internal control system (ICS)

Since the objectives of an ICS overlap with those of GRC software, OMNITRACKER GRC Center can be configured so that it also serves as your ICS and as an internal compliance application. You define clear requirements in your compliance regulations and identify the business processes to be monitored in the ICS. At the same time, the GRC Center can be used as a reporting system, which makes reporting available both to employees and to external persons.

Successful corporate governance with all processes in the OMNITRACKER GRC Center.

Download flyer

Current scope of functions and planned upgrades of the OMNITRACKER GRC Center


Risk Management

With OMNITRACKER Risk Management, you collect, analyze, evaluate, control and document all risks on process, project and company level.


Audit and Compliance Management

With OMNITRACKER Audit and Compliance Management, you build a management system to meet all requirements for your organization. Audits are performed to check compliance and to control the correction of deviations.


Governance Services

With the module Governance Services, you collect, control, and document all the management decisions, contracts, objectives, and information your organization needs to comply with all requirements and ensure business success.


Business Continuity Management

Our Business Continuity Management provides you with tools for (preventive) handling of loss events. For example, you use business impact analyses to assess the impact of potential damages. Emergency plans help you to react quickly to incidents and to survive them, if possible, without consequential damage. Disaster recovery plans help you to fully resume your regular business activities after a crisis.


Vendor Risk Management

Vendor Risk Management supports you regarding make-or-buy decisions and with identifying the best suppliers. Furthermore, it helps you to centrally manage your contractual relationships with suppliers and partners and evaluate their performance.


Critical Infrastructure Services

Critical Infrastructure Services support organizations that are part of the critical infrastructure in identifying critical processes according to the KRITIS regulation. Furthermore, complete and verifiable auditing along industry-dependent specifications is possible, as well as timely and complete reporting and notifications to government bodies and stakeholders.

We will gladly support you in integrating your collected risks, risk classes and risk assets into OMNITRACKER GRC Center as your new governance, risk and compliance platform.

Contact us!

The Governance, Risk and Compliance Center as part of the OMNITRACKER Business Process Ecosystem


The OMNITRACKER Governance, Risk and Compliance Center is a solution that can be used out of the box and consists of several individual modules. As an integrated multistandard platform, the GRC Center is the ideal entry point to a centralized system that digitally maps all your enterprise-wide business processes. The functional scope of the underlying OMNITRACKER core system can be extended modularly by numerous applications. In addition to a central contract or document management, an ITSM solution is useful. With ITSM, you record your services or incidents in a structured way. All included workflows can be automated with BPMN.

Benefits of the OMNITRACKER platform:

  • Expandable range of functions thanks to modular structure and numerous interfaces
  • Flexible customizing possible so that individual requirements can be implemented
  • Mobile access to all applications
  • Complete documentation
  • Central database with impressive compatibility
  • KPI reporting and real-time dashboards thanks to Business Intelligence
  • Long-term investment security, as the software grows with your requirements
  • Processes can be automated to save resources

Learn more about OMNITRACKER

Features


Comprehensive rights and roles concept


All-in-one solution with extensive applications and tools


Integrated risk management of all organization-wide activities


Time-accurate, high transparency and control thanks to Business Intelligence


Process-oriented and information-based improvement of your organization


Compliance with necessary and required laws, standards and guidelines

One central multistandard solution for all requirements

The OMNITRACKER Governance, Risk and Compliance Center supports you in complying with all relevant regulations, ISO standards, legal requirements and other demands. The multistandard solution can be used out of the box and, at the same time, it can be flexibly extended. Required data and requirement catalogs are continuously added via open interfaces. This ensures that your GRC software remains up to date—even if changes in legislation require an adjustment of your compliance landscape.

The content-related interdependencies of such a multistandard system become increasingly complex beyond a certain size. To deal with this, OMNITRACKER relies on consistent modularization and on the reuse of features of the OMNITRACKER applications for the structural implementation that supports the GRC services.

Standards and regulations as examples

ISO 31000 - Risk management

ISO 31000 deals with structured risk management. The specifications mentioned in the ISO are general and follow a management system approach. During implementation, the individual requirements of the respective organization have to be taken into account. Risks of all potential damage categories are considered. The overriding objective of the standard is to identify, manage and mitigate risks so that business objectives are met with the greatest possible probability.

ISO 19600 - Compliance management systems (since April 2021 replaced by ISO 37301)

On the one hand, the superseded ISO 19600, which has been further developed and adapted in ISO 37301, covers compliance management systems and pursues the objective of identifying irregular behavior by managers and employees. On the other hand, it aims to demonstrably ensure compliance with supervisory and control obligations. A distinction is made between mandatory compliance and voluntary codes. Concrete implementation is achieved, for example, through instructions for action, checklists, behavioral guidelines and process descriptions. Risk analyses are integrated. The ISO standard is scalable and can therefore be implemented in organizations of all sizes. Organizations benefit in many ways when they actively manage their compliance, for example by avoiding penalties and liability risks or by maintaining a good reputation. Consistent compliance management is particularly relevant in the following areas: tax law, commercial law (national and international), labor law, antitrust law, product safety, IT security, money laundering, corruption, environmental protection, etc.

ISO 19011 - Auditing of management systems

ISO 19011 is intended to support the planning, documented execution and follow-up of audits of management systems. The continuous improvement of these management systems is also an essential component.

ISO 9001 - Quality management

Quality management systems ensure that the system and process quality in an organization are checked and continuously improved. The aim of a quality management system is to align the organization with customer satisfaction by optimizing the company's performance and ensuring high service or product quality. To ensure this, responsibilities and accountabilities are specifically defined. In addition, the sequence of quality-relevant process steps within the value chain is documented. Good quality management is also characterized by the skillful use of resources. It is possible for companies to have their quality management certified to ISO 9001.

ISO 27001 - Information security management systems

ISO 27001 deals with the requirements for information security management systems (ISMS). Specifically, it deals with the protection of confidentiality, integrity and availability of all information. In this context, confidentiality means that information must be protected against unauthorized access. Integrity implies that information must be authentic and free of tampering. Availability means that information must be available for services and functions at the required time. The majority of the information requirements to be met can be found in the area of IT security.

Due to the comprehensive scope of IT security as a result of increasing digitization of society, ISO 27001-compliant operation with cyclical audits is mandatory in some areas. Since potential damage from the misuse of data and information or from cyber-attacks can be very high, ISO 27001 provides for risk analyses to protect against cybercrime in a preventive manner. This includes the loss of data. Since technical possibilities—and thus potential dangers—develop faster than legislative decisions, organizations must independently ensure that their IT systems and the necessary know-how correspond to the current state of the art.

Standards for IT security

Some countries have minimum standards for the IT security level of organizations, and some use the ISO 27001 standard as the basis for such regulations. Organizations can improve their security in this way, and risk minimization is usually part of well-structured IT security management. In most cases, IT security management structures follow a holistic approach.

Software for organizations of the critical infrastructure

Organizations that form part of the so-called critical infrastructure usually have to deal with more complex (IT) security requirements than those of the ISO standards. In most cases, there are national laws for every industry. The implementation of such regulations must be traceable and documented. With OMNITRACKER GRC Center, you can manage such complex and branched regulations.

Industry-specific standards

Some industries have to comply with very high standards, imposed by law or by internal security or quality guidelines. Templates and automated processes help to fulfill all requirements, even when many time-triggered actions have to be managed simultaneously and in parallel. With OMNITRACKER GRC Center, widely used standards as well as individual requirements can be mapped.

Internal compliance measures against corruption and conflicts of interest

Some companies want to make it more difficult for their employees to commit crimes (e.g., corruption) in their role within the organization. This active crime prevention not only improves internal compliance and transparency, but also can protect organizations from sanctions.

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (so-called protection for whistleblowers)

The directive of the European Parliament and of the Council serves as a guideline for legislation at national level. Whistleblowers are to be protected if they draw attention to structural abuses or illegal behavior within an organization. Organizations above a certain number of employees are therefore required to provide a reporting system that enables anonymous reporting of potentially irregular behavior (also to the outside).

National standards for insurance companies as well as for financial and credit institutions

Most national supervisory authorities have created mandatory minimum requirements for the design of risk management systems for financial and credit institutions and insurance companies. The topics of crisis management, documentation, outsourcing, and internal and external auditing processes are particularly relevant. For example, credit risks, market price risks, liquidity risks and operational risks are considered. For financial service providers, there are therefore special requirements for the IT systems used—especially in the area of risk management—in order to be able to gather all risks in a structured manner, evaluate them, and manage them accordingly.

Supplier and vendor checks

An EU regulation is being prepared that is intended to ensure that human rights and labor regulations are observed throughout the supply and value chain. National regulations will follow in almost every country, as has already happened in Germany, for example. Environmental aspects must also be taken into account. Ideally, the law already applies during the selection of (foreign-based) suppliers. If violations become evident, countermeasures must be taken, or the offending behavior must cease. It is particularly relevant here that organizations are obligated to demonstrably carry out corresponding audits of suppliers. Corresponding checklists and requirement catalogs can be mapped with the GRC Center, especially in the Vendor Management module.

Future regulations and legislative changes

The OMNITRACKER GRC Center is designed in such a way that future requirements can be integrated at any time. This allows you to remain flexible and continue to use your existing data (incl. master data, maintained assets, risk classes, etc.). As a software partner, we keep an eye on the most important legislation, so that we can quickly offer our new and existing customers a suitable solution, if required. You can also implement "tailor-made" solutions for special security requirements as well as individual solutions yourself or with the support of our consulting team that will be happy to advise you on individual GRC implementations.

Individual requirements, own instructions and self-assessment

In addition to the mandatory minimum standards and recommended norms, an organization can define and implement its own regulations. With OMNITRACKER GRC Center, the compliance with these regulations is checked and documented. Especially in organizations that belong to critical infrastructures or have special security or quality requirements, additional (in-house) standards are often introduced and adhered to in a controlled manner. This procedure has a preventive effect, as it minimizes or best manages the risk of possible accidents, conflicts of interest, failures, criminality or improbable external influences. Particularly in the area of critical infrastructure, the uninterrupted maintenance of business capability must be ensured to the best possible extent. For this purpose, special organizational areas are created in individual cases and additional control systems are developed.

If an organization sets self-imposed, stricter compliance rules and actively promotes their implementation, this may have a mitigating effect on penalties in compliance-related criminal proceedings.

Site-specific requirements with extended checklists can also be mapped with the GRC Center.

Satisfied OMNITRACKER users

OMNITRACKER makes processes clearer and simpler

The GRC Center as an expandable platform and basis for the implementation of industry- and sector-specific compliance requirements

Other requirements and standards can be added flexibly.

Depending on the industry, various norms and ISO standards are mandatory. Legal regulations at national and international level can be added as well as self-imposed guidelines. The ISO standards listed below are minimum standards that must generally be applied in the relevant industry. In practice, however, individual market situations, internal requirements not defined by law, or contractual obligations from customers, partners, or suppliers add further obligations. In addition, each industry and social sector has to fulfill further technical, normative requirements.

The list below is intended to provide examples of which ISO standards and regulations can be easily implemented with the OMNITRACKER Governance, Risk and Compliance Center multistandard solution, if the appropriate customizing is in place. Regulations that go beyond this can also be mapped. Our customizing team will be happy to advise you on the software-supported implementation of all standards relevant to you.

The standards listed below refer to the legislation of Germany. Other countries usually have comparable national regulations, specifications and restrictions.

Frameworks

  • ITIL®
  • ISO
  • COBIT
  • ANSI

Management Systems

  • ISO 9001
  • ISO 20000
  • ISO 27701
  • ISO 30000
  • ISO 50001
  • ISO 14001
  • ISO 27001
  • ISO 22301
  • ISO 37301
  • ISO 55001

IT & Telecommunications

  • B3S IT-Sicherheit
  • EN 50600
  • TL 9000

Public Administration

  • BSI-Standard 200-1
  • BSI-Standard 200-3
  • BSI-Standard 200-4

Finance & Insurance

  • BaFin MaRisk (BA)
  • BaFin BAIT
  • SOX

Transport & Traffic

  • ISO 28000
  • DIN ISO 45001
  • AS 9100

Health

  • DIN EN 15224
  • ISO 13485
  • B3S Gesundheit

Food

  • ISO 22000
  • LMIV
  • DIN 10501

Automotive

  • IATF 16949
  • VDA 6.3
  • VDA TISAX

Media & Culture

  • DIN ISO 45001
  • ISO 22301
  • PCI DSS

Defense

  • MIL-STD-810
  • AQAP-2310
  • AQAP-2110

Energy

  • ISO 27019
  • B3S VvFW
  • ISO 29404

Water

  • DIN EN 15975
  • ISO 24512
  • RL (EU) 2020/2184

Municipal Waste Management

  • DIN SPEC 1108
  • ISO 24527
  • B3S Wasser

Individual or specific norms, standards or regulations

Your standard is not mentioned? Add more requirements to your GRC Center by yourself.

Request a quote for the OMNITRACKER GRC Center Basic Package 2021.

Contact us

Basic Package 2021 of OMNITRACKER GRC Center


Risk Management

  • Stepwise approach to mitigating a risk across its recurrences
  • 2- or 3-dimensional risk model with risk aggregation
  • Automated risk priority number (RPN) calculation
  • Ability to escalate risks, e.g. concerning legal violations and liabilities
  • Real-time information system operated by Business Intelligence
  • Financial risk assessment, including escalation in case of threshold overrun
  • Features according to ISO 31000
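As an added illustration of the risk model described on this page (risk cause, impact and probability as analysis dimensions, the four strategies avoid/reduce/transfer/accept, and the 2-/3-dimensional model with RPN calculation, aggregation per level and threshold escalation listed above), here is a small Python risk register. It is not OMNITRACKER code; the 1..5 ordinal scales, the FMEA-style RPN product, the max/sum roll-up per level, the escalation rules and the sample risks are assumptions made for the example.

```python
"""Toy risk register: 2-/3-dimensional risk model, RPN calculation,
aggregation per level and threshold escalation. Added illustration, not
OMNITRACKER code. Assumed, not from the page: ordinal 1..5 scores, FMEA-style
RPN = probability * impact * detectability, roll-up by max/sum per level,
escalation on legal exposure or on an RPN / expected-loss threshold overrun."""
from collections import defaultdict
from dataclasses import dataclass

STRATEGIES = ("avoid", "reduce", "transfer", "accept")  # the page's four strategies


@dataclass(frozen=True)
class Risk:
    name: str
    cause: str            # risk cause, the first analysis dimension on the page
    level: str            # "process", "project" or "company"
    probability: int      # 1 (rare) .. 5 (almost certain)
    impact: int           # 1 (negligible) .. 5 (critical), ordinal amount of damage
    detectability: int    # 1 (caught early) .. 5 (noticed only once damage occurred)
    damage_eur: float     # estimated damage per occurrence (financial assessment)
    annual_rate: float    # expected occurrences per year (assumed quantitative input)
    strategy: str
    legal: bool = False   # legal violation or liability exposure

    def __post_init__(self) -> None:
        for score in (self.probability, self.impact, self.detectability):
            if not 1 <= score <= 5:
                raise ValueError("ordinal scores must lie in 1..5")
        if self.strategy not in STRATEGIES:
            raise ValueError(f"unknown strategy {self.strategy!r}")


def rpn(risk: Risk, dimensions: int = 3) -> int:
    """Risk priority number: 3 dimensions multiply probability, impact and
    detectability (FMEA convention, 1..125); 2 dimensions drop detectability."""
    score = risk.probability * risk.impact
    return score * risk.detectability if dimensions == 3 else score


def expected_annual_loss(risk: Risk) -> float:
    """Quantitative counterpart of probability x amount of damage, in EUR per year."""
    return risk.annual_rate * risk.damage_eur


def aggregate(risks, dimensions: int = 3) -> dict:
    """Roll risks up per level (process, project, company) for reporting."""
    out = defaultdict(lambda: {"count": 0, "max_rpn": 0, "sum_rpn": 0, "loss_eur": 0.0})
    for r in risks:
        agg = out[r.level]
        agg["count"] += 1
        agg["max_rpn"] = max(agg["max_rpn"], rpn(r, dimensions))
        agg["sum_rpn"] += rpn(r, dimensions)
        agg["loss_eur"] += expected_annual_loss(r)
    return dict(out)


def prioritize(risks, dimensions: int = 3) -> list:
    """Risk names by descending RPN, ties broken by expected annual loss."""
    ranked = sorted(risks, key=lambda r: (rpn(r, dimensions), expected_annual_loss(r)),
                    reverse=True)
    return [r.name for r in ranked]


def escalations(risks, rpn_threshold: int, loss_threshold_eur: float) -> list:
    """Risks to escalate: legal exposure always; otherwise an RPN or
    expected-loss threshold overrun. Returns (name, reason) pairs."""
    found = []
    for r in risks:
        loss = expected_annual_loss(r)
        if r.legal:
            found.append((r.name, "legal violation or liability"))
        elif rpn(r) > rpn_threshold:
            found.append((r.name, f"RPN {rpn(r)} > {rpn_threshold}"))
        elif loss > loss_threshold_eur:
            found.append((r.name, f"expected loss {loss:.0f} EUR > {loss_threshold_eur:.0f} EUR"))
    return found


# Constructed sample register; all values are illustrative, not real data.
SAMPLE_RISKS = [
    Risk("Backup restore untested", "no restore drills", "process", 3, 4, 4, 250_000, 0.25, "reduce"),
    Risk("Vendor SLA breach", "single supplier", "project", 2, 3, 2, 40_000, 0.5, "transfer"),
    Risk("Data-protection fine", "unlawful processing", "company", 2, 5, 3, 2_000_000, 0.125,
         "reduce", legal=True),
    Risk("Office coffee outage", "old machine", "process", 4, 1, 1, 200, 3.0, "accept"),
]
```

Calling `aggregate(SAMPLE_RISKS)`, `prioritize(SAMPLE_RISKS)` and `escalations(SAMPLE_RISKS, 40, 10_000)` shows the per-level roll-up, the RPN ranking, and which risks an RPN of 40 or an expected loss of 10,000 EUR pushes up the management chain.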

Audit & Compliance Management

  • Five audit modes and types of compliance checks
  • Free definition of requirement catalogs
  • Ability to deal with a wide range of laws, standards, policies and processes
  • Integrated risk management to mitigate non-compliances
  • Role-specific cockpit with personalized task list
  • Real-time information system operated by Business Intelligence
  • Integrated ISMS (ISO 27001) and QMS (ISO 9001)
  • Features according to ISO 19600 and ISO 19011
  • Enables sector-specific security checks, e.g. according to Council Directive 2008/114/EC

Governance

  • Leadership compliant with laws, obligations and standards
  • Monitoring and check of relevant tasks, projects and corrections
  • Integrated contract management
  • Compliance case management with incident ticketing
  • Comprehensive management cockpits to highlight compliance status
  • Real-time status of key performance indicators and key risk indicators
  • Features according to ISO 19600 and DIN SPEC 36601

Seamless interaction

ITSM ticketing system

Business Intelligence

Process automation

Learn more about the OMNITRACKER Business Process Ecosystem.

Get to know our base system, connect external systems via our interfaces and extend the functional range of your software system with our applications.

Business Process Ecosystem