As a newly created spin-off of a Fortune 50 industry giant, our client – an animal health company – was faced with the need to build a complete governance, risk and compliance management system to deal with the requirements of the highly regulated industry.
Problems to solve
- GRC processes dispersed in 6 different systems based on legacy solutions with no license.
- Multiple, spreadsheet-based processes with no user-friendly interface.
- Inefficient executive reporting and decision making due to disparate legacy data.
Step-by-step implementation of the AdaptiveGRC Suite to set up a consistent GRC management environment
• Establishing goals and identifying the organization’s priority order for releasing and operationalizing its GRC activities.
• Setting up the central GRC engineering pillars:
  - Governance Factors – the primary regulations, standards and guidelines used by the organization to drive the company’s GRC activities and executive reporting, including Information Security (ISO27001), Data Privacy, SOX, PCI DSS, FDA regulations and more; and
  - Process Streams – process scenarios that the company usually uses to check on compliance status.
• Final configuration of the GRC engineering pillars in the AdaptiveGRC application for universal use across the system, with the following GRC functions: Compliance Requirements Framework, Vendor Risk Profiling, Application Risk Profiling, Vendor Compliance Assessments, Privacy Change Reporting, Security Testing Results Management, Anti-Corruption Assessments, Quality Management (Events, Findings, CAPAs, Deviations).