Features

Loaded With Enterprise-Class GRC Platforms, Yet So Easy To Use!

Compliance Manager GRC is includes powerful features design to deliver the IT security assurance required by any organization. Yet, it’s so easy to use, any non-technical compliance stakeholder can participate in the process.​

And we are committed to continuous innovation to keep pace with the ever-expanding IT security and regulatory environment.​

Vendor & Employee Dashboard Reports

Quickly generate vendor and employee compliance reports and export detailed data into Excel spreadsheets at the click of a button.​

CMGRC Consolidated Dashboard

New consolidated dashboard shows the progress all of these different assessment types at the same time, and in the same place, grouped by standard. And a separate panel on the dashboard shows you the progress across all of the common controls.​​

Enhanced Guided Survey​

Update user interface allows users to use keyboard hotkeys instead of having to click on a radio button to choose responses and then hitting the next button to move to the next question. ​​​

VulScan Itemized Tasks​​

With the integration Compliance Manager GRC users can tap into the most recent scan data pulled by VulScan for a given site and apply it against any standard that is being assessed. Plan of Action and Milestones (POAM) produced by Compliance Manager GRC will include a separate task for each High and Critical vulnerability discovered by VulScan​​​​

PCI-DSS Compliance Management​​​

Keep in compliance with all requirements of PCI with the built-in compliance management template for the top six Self-Assessment Questionnaires (SAQs)​

Cyber Essentials (UK) and Essentials 8 (AU) Standards​​​​

Cyber Essentials is the UK’s de facto basic cybersecurity standard. Compliance Manager GRC can help prepare you for the “self-audit” questionnaire required for certification. Essential 8 is the country-wide cybersecurity maturity model adopted by The Australian Cybersecurity Centre (ACSC). ​​

Integrated BullPhish Training​

This integration brings 60+ different BullPhish ID security awareness training lessons, plus a validation quiz for each, right into the Compliance Manager GRC self-serve end-user portal. ​​​

Back-up Evidence From Datto Continuity ​​

Pull data from the Unitrends back up logs into Compliance Manager GRC to generate evidence of compliance with the back-up requirements of any standards. This integration automates the acquisition of data related to the last backup date for every device backed up using Unitrends, and then generates a Back Up Assurance Report ​ ​​​

Rapid Baseline Assessment​​​

Compliance Manager GRC now has an extra layer of automation to bring all responses and content input during a Rapid Baseline Assessment into the corresponding Controls Assessment for whatever scope is being worked. This streamlined workflow dramatically improves the efficiency of ramping up new compliance management programs.​​​​

CMMC 2.0 Compliance Management Template​

Compliance Manager GRC can now automatically generates a special assessment Scorecard Report from both the NIST 800-171 assessment template and the CMMC 2.0 Level 2 assessment. The report analyzes each individual response and deducts the specified points based on the government’s official scoring rules, and then provides the total score, which is required to be submitted to the official DoD Vendor Certification web site.​

Vendor Self-Serve Portal​

Compliance Manager GRC now includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards selected, by logging into a branded web-based portal and completing the appropriate questionnaires.​​

Role-based Task Assignments​

Assign assessment and remediation tasks to the right individuals based on their role and/or subject matter expertise.​

Intergration with IT Glue​​

Compliance Manager GRC can automatically send reports and documents into IT Glue for long-term storage, organization, and integration with reports and data from other sources. Files sent over to IT Glue are in MS Office format, allowing IT Glue users to store, preview and even edit documents within the IT Glue application.​​

Compliance Management Templates

Built-in management templates for common standards and frameworks

Provides regulations and controls to assess common standards including HIPAA, NIST CSF, CMMC, NY DFS, Cyber Liability Insurance, GDPR, Cyber Essentials, Essential 8, with more being added on a regular basis.​

Supports Any Standard or IT Requirement

Custom templates (standards) can be created using the build-in common controls, and new controls can also be defined and included in the templates/standards.​

Customizable Libraries of Controls, Requirements, and Standards

New feature allows IT professionals – whether they are MSPs or work in IT Departments – to quickly assess their level of compliance with whatever set of IT requirements they specify. ​

Assessment Results presented in Graphical Dashboards

New consolidated dashboard allows users to view the progress of assessments, regardless of the type of assessment being managed. ​

Tracks Common Controls Across Multiple Standards

Control sets from multiple standards can be tracked and managed together. Saves time and allows multiple controls to be assessed and documented at the same time.

Standard Specific Reports

Each Compliance Management Template includes a complete set of standard-specific reports. ​

Automated Compliance Process​

Automated Data Collection​

There are automated data collectors for the LAN, Cloud and individual computers that gather detailed information to be used in the technical assessment.​​

Policies & Procedures Selection and Generation

Dynamically builds a customized policies and procedures manual for each standard managed. ​

Automated Report Generation​

Automatically generates a dynamic set of evidence of compliance and reports for every standard, regulation and security program you manage. ​

Dynamic Plans of Action & Milestones

Automatically create the documentation that details resources required to accomplish the elements of the plan, milestones for meeting the tasks, and the scheduled completion dates for the milestones. ​

Engage The Right People On The Right Tasks With Role Based Task Assignments

Compliance Manager GRC now includes the ability to help IT professionals manage compliance by assigning specific assessment questions to an individual or group of individuals. This allows the IT staff to handle the technical questions and assign the rest to subject matter experts and other stakeholders. The result is assurance that compliance assessments are more accurate and complete.​

Get Started

Self-Serve Brandable Portals

Assessment Results presented in Graphical Dashboards and Brandable Reports

New consolidated dashboard allows users to view the progress of assessments, regardless of the type of assessment being managed.​

Employee Policy Review/Acceptance Portal​

Supports the ability to “turn on” a branded Employee/End User Self-Serve Portal to help meet common compliance requirements.​ ​

3rd Party Vendor Assessments & Compliance​​

Includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards you pick​​

Role Based Task Portal

​Any Person with an assessment question to answer, or task to do, can access a personal “My Work” portal to access the task.

Integrations

VulScan Integration​

Data from VulScan internal and/or external scans can be imported to be included in the Technical Risk reports and the POA&M to document risks.​

BullPhish Training Integration

Integration with BullPhish ID provides access to over 50 additional training videos that can be used in the Employee Portal to educate employees on additional security and compliance topics.​​

IT Glue Integration – IT Glue (Document Links) & Export Reports​

Import technical documents about a sites IT resources from IT Glue as attachments into your Compliance Manager GRC assessment worksheets and surveys. Also Export the reports from an assessment into IT Glue. ​ ​

Billing Integration​

Automatically update the BMS contract with billing data from the site, such as number of users, based on successful scan/assessment data.​

Backup Integrations

If you subscribe to Unitrends backup services, you can import data from Unitrends into your Compliance Manager GRC assessments. This allows you to automatically gather data regarding device backups during the Technical Review in the Asset Inventory Worksheet.

Integration with VSA Agents for Local Data Collection

VSA Agents can run the Compliance Manager GRC local data collectors and upload the information into the assessment.

Manage Vendor Risk with New “Self-Serve” Portal​ ​

Compliance Manager GRC now includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards you pick, by logging into a branded web-based portal and completing the appropriate questionnaires. You can optionally require the vendors to also upload their evidence of compliance.​

Get Started

Additional Features​

Role-based Architecture

Ensures most accurate answers since the person responsible and with knowledge answers the questions. For MSPs, this also saves time since they do not need to address the worksheets assigned to others at the company.​

Scanless Rapid Baseline Assessment Questionnaires​

Guided questionnaires to quickly determine whether you meet the difference requirements of any control ​

Built-in End-User Training, Tracking & Reporting​​

Ensures and documents that all employees have completed the training as part of the compliance requirements.​ ​

Customizable Libraries of Controls, Requirements, and Standards

This allows for the tracking and remediation of compliance issues for multiple standards at the same time, dramatically reducing risk through improved and more efficient compliance management​

Tracks Common Controls Across Multiple Standards​

Eliminates duplication of effort managing the same control for multiple standards.

Advantages​

  • Anytime you take advantage of the custom standard creation feature of Compliance Manager GRC – for example, if you create a standard to manage your own internal IT security program – Compliance Manager GRC will create a customized manual to document it.
  • Anytime you make a change to your process in Compliance Manager GRC – like adding a new requirement or changing the procedures you follow – the Policies & Procedures Manuals are automatically updated the next time you generate them.​

Management of Custom Controls and Standards​

Compliance Manager GRC is a process architecture that accommodates the management of multiple compliance standards. It also provides users that ability to generate custom standards based on common controls.

It allows IT professionals – whether they are MSPs or work in IT Departments – to quickly assess their level of compliance with whatever set of IT requirements they specify. ​

The software includes a web-based dashboard that allows the IT professional to track and remediate compliance issues for multiple standards at the same time, dramatically reducing risk through improved and more efficient compliance management.​

Dynamic Policies and Procedures Creation​

With this latest release, Compliance Manager GRC dynamically builds you a customized policies and procedures manual for each standard you are managing, and the manual reflects any adjustments that you make to the procedures you follow.

Complete​

Covers every standard, including industry frameworks and custom requirement sets.​

Automated​

Automated data collection, processing and report-generation.​

Priced Right​

The most affordable enterprise-class GRC platform available.​

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo