The Most Customizable Compliance Solution on the Planet
No other Compliance Management software gives you the flexibility to manage multiple compliance standards and customized InfoSec programs, all at the same time and in the same place.
Built-in Standards & Frameworks
We have pre-built, ready-to-use regulatory, statutory and contractual standards — like HIPAA, CMMC, NIST SP 800-171, GDPR — with dozens more on the way (check back regularly for updates, or put in a request for a standard you’d like to see). You can go with the pre-written procedures and descriptions or customize them to better define what you do.
Build Your Own Standards
Want to add a standard that’s not included? We make it easy by exposing our huge library of hundreds of controls that feed the requirements of all the major standards we have. You can clone any standard as a starting point, and then add or move the default requirements and controls with a click of a button. Have a unique control or requirement to add? No problem!
Create Your Own Controls
Create your own requirements with your own descriptions and general guidance that defines your goal. Then create your own custom controls, with your own IDs, control descriptions and procedures. It takes less than a minute to create each one, and once added to the library, your custom controls and requirements are immediately available for use in the system.
Manage Multiple Standards at the Same Time
Most IT organizations are asked to manage compliance with a dizzying array of regulatory, statutory, contractual and internal IT requirements – all at the same time. With Compliance Manager GRC, you can, since all standards – including the ones you create for yourself – pull from the same operational controls database. As you implement any control, every standard you are tracking that has a requirement based on that control is updated automatically. Track them all through a single graphical dashboard from anywhere with internet access.
Built-In Compliance Management Templates
HIPAA requires adherence to three different rules: the Security Rule, the Privacy Rule, and the Breach Notification Rule. Compliance Manager GRC allows you to select any combination of these rules and manage compliance with them at the same time. Covered Entities can use the Vendor Risk Management feature of Compliance Manager GRC to manage the compliance of their Business Associates.
EU & UK GDPR COMPLIANCE
Compliance Manager GRC has separate standard management templates for both the EU and the newer UK versions of GDPR. Each allows you to manage everything associated with assessing and maintaining compliance with the strict EU and UK General Data Protection Regulation (GDPR). The main compliance reports and supporting documentation are automatically modified to address the subtle differences between these two regulations.
NIST CSF COMPLIANCE
The NIST Cybersecurity Framework (CSF) is called the “Swiss Army Knife” of IT Security Requirements. It’s designed to help you comply with the principles and best practices of risk management to improve the security and resilience of any IT environment – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication. Use the complete template we provide, or clone and modify it to create a custom standard that meets your specific needs.
CYBER INSURANCE POLICY COMPLIANCE
There are dozens of major insurance carriers with hundreds of different policies – each with their own specific IT requirements. Compliance Manager GRC includes sample templates of typical standards created from some popular policies which you can use as a starting point. Simply review your policy, clone our sample, and then customize it to match your policy terms by removing requirements you don’t need, or adding others using our extensive controls library.
CMMC 2.0 COMPLIANCE
Every one of the 300,000+ Department of Defense contractors and subcontractors must follow the Cybersecurity Maturity Model Certification process if they want to continue to be awarded new contracts or contract renewals. This is a huge challenge for most MSPs and IT professionals who work at these organizations. Compliance Manager GRC has a team that constantly monitors this standard, as it has been changing fast – and radically – in its short life. There are separate built-in CMMC 2.0 compliance management templates for both Level 1 and Level 2. You can manage either one separately, or both at the same time, to track your level of compliance as your maturity level increases. All the documents required by the standard, including the proprietary Risk Score, Plan of Action & Milestones, and System Security Plan, are generated automatically.
NIST SP 800-171
NIST Special Publication 800-171 was introduced several years ago and requires all organizations that work directly or indirectly with the U.S. government and handle Controlled Unclassified Information (CUI) to adhere to the NIST 800-171 standard. Today, many customers and vendors include NIST 800-171 compliance as part of their contract terms. The standard has 14 sections with more than 100 controls that must be implemented to meet its requirements. Compliance Manager GRC includes the complete standard management template, ready to go out of the box. As with all our templates, you can clone this one and modify it to include your own specific control procedures.
NEW STANDARDS COMING SOON!
There are more than 100 different local, regional, and national government standards for IT around the world, and many more standards and best practices put forth by various industries. Using our massive library of common controls, we are rapidly building new templates. See the list below for those under development. Even more exciting, we will soon be releasing a direct integration with our Compliance Manager GRC community, which will allow users to share the templates they build with each other.