Features
Loaded With Enterprise-Class GRC Features, Yet So Easy To Use!
Compliance Manager GRC includes powerful features designed to deliver the IT security assurance required by any organization. Yet, it’s so easy to use, any non-technical compliance stakeholder can participate in the process.
Stay compliant today, and tomorrow, with our continuous innovation process that keeps pace with the ever-expanding IT security and regulatory environment.
Our Continuous Innovation
Take a peek at some of our latest new features:
Released July 27th
The Kaseya Cybersecurity Fundamentals is a streamlined framework tailored for swift implementation using Compliance Manager GRC. This entry-level standard is inspired by the NIST Cybersecurity Framework's core principles, while harnessing the full power of Compliance Manager GRC's automated data collection features.
Released June 29th
Compliance Manager GRC supports the AICPA Trust Services Criteria for SOC 2. The software includes a built-in IT compliance process template for SOC 2 that dramatically streamlines the collection of documentation neccessary for a SOC 2 examination.
Released June 29th 2023
Compliance Manager GRC now supports South Africa's national consumer protection standard -- The Protection of Personal Information Act (POPIA). It includes all of the IT security requirements as detailed in Condition 7 of the law, making it easy for IT professionals and MSPs to achieve compliance.
Released June 23rd 2023
Through a seamless workflow automation, sensitive information stored in Datto Workplace is identified and incorporated into Compliance Manager GRC's Sensitive Data Assessment reports and worksheets. Data collected includes the type of sensitive data discovered, permissions, file locations, and more.
Released June 8th 2023
Compliance Manager GRC includes purpose-built data scanners that identify files that contain a variety of sensitive data types and includes the results in worksheets and reports required by different government and industry standards. It also identifies which drives are encrypted.
Released April 20th 2023
The FTC Compliance Management Template enables users to perform assessments their compliance with the FTC Safeguards Rule, a US regulation covering anyone with access to consumer personal financial information. It requires them to implement, and maintain a comprehensive information security program to protect customer information.
Released April 13th 2023
This feature allows you to override the default Compliance Manager GRC guidance content found in Compliance Manager GRC Standards and Controls with your own custom guidance. Custom guidance will be available when performing Rapid Baseline Assessments, Controls Assessments, and Requirements Assessments.
Released April 13th 2023
Compliance Manager GRC supports the CIS Critical Security Controls, Version 8 (CIS v8) cybersecurity framework. There are three separate templates for each of the three main Implementation Groups (IG) included in the framework.
Released April 13th 2023
Custom Policies and Procedures enable users to create, modify, and instantly publish custom policy and procedure text in Compliance Manager GRC generated documents, streamlining the process of aligning your organization's existing policies with the tool's capabilities.
Released March 30th 2023
This new feature accelerates the gathering of backup status for Microsoft 365 and Google-based assets from Datto SaaS Protection, streamlining the Compliance Manager GRC assessment process. The result is saved time, enhanced accuracy, and freed-up resources for Compliance Manager GRC customers.
Compliance Management Templates
Built-in management templates for common standards and frameworks
Provides regulations and controls to assess common standards including HIPAA, NIST CSF, CMMC, NY DFS, Cyber Liability Insurance, GDPR, Cyber Essentials, Essential 8, with more being added on a regular basis.
Supports Any Standard or IT Requirement
Custom templates (standards) can be created using the build-in common controls, and new controls can also be defined and included in the templates/standards.
Customizable Libraries of Controls, Requirements, and Standards
New feature allows IT professionals – whether they are MSPs or work in IT Departments – to quickly assess their level of compliance with whatever set of IT requirements they specify.
Built-in Standards, Requirements & Controls.
Compliance Manager GRC has dozens of major government and industry standards built into the platform that includes all of the requirements and controls specific to each standard pre-set and ready to use out of the box. You can also create your own standards and customize or create any requirement or controls to match your specific policies and procedures. Watch the video.
Assessment Results presented in Graphical Dashboards
New consolidated dashboard allows users to view the progress of assessments, regardless of the type of assessment being managed.
Tracks Common Controls Across Multiple Standards
Control sets from multiple standards can be tracked and managed together. Saves time and allows multiple controls to be assessed and documented at the same time.
Standard Specific Reports
Each Compliance Management Template includes a complete set of standard-specific reports.
Multiple Assessment Types.
Just getting started and want to perform a Rapid Baseline Assessment to see where you stand? Compliance Manager GRC has the solution. Then, when you are ready to do a full Requirements or Controls Assessment with automated data collection, you’ll be able to build on what you started. Watch the video.
Automated Compliance Process
Automated Data Collection
There are automated data collectors for the LAN, Cloud and individual computers that gather detailed information to be used in the technical assessment.
Policies & Procedures Selection and Generation
Dynamically builds a customized policies and procedures manual for each standard managed.
Automated Report Generation
Automatically generates a dynamic set of evidence of compliance and reports for every standard, regulation and security program you manage.
Dynamic Plans of Action & Milestones
Automatically create the documentation that details resources required to accomplish the elements of the plan, milestones for meeting the tasks, and the scheduled completion dates for the milestones.
360-Degree Automated Data Collection.
Compliance Manager GRC has the industry’s most comprehensive set of automated data collection tools to dramatically cut the time it takes to assess and audit compliance with any standard. Collect IT and security data from networks, computers, users, on prem, in the cloud, on remote machines. You can also collect data on Windows machines using light-weight Discovery Agents included with the platform. Please watch the video for more information.
Self-Serve Brandable Portals
Assessment Results presented in Graphical Dashboards and Brandable Reports
New consolidated dashboard allows users to view the progress of assessments, regardless of the type of assessment being managed.
Employee Policy Review/Acceptance Portal
Supports the ability to “turn on” a branded Employee/End User Self-Serve Portal to help meet common compliance requirements.
3rd Party Vendor Assessments & Compliance
Includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards you pick
Role Based Task Portal
Any Person with an assessment question to answer, or task to do, can access a personal “My Work” portal to access the task.
Additional Features
Role-based Architecture
Ensures most accurate answers since the person responsible and with knowledge answers the questions. For MSPs, this also saves time since they do not need to address the worksheets assigned to others at the company.
Scanless Rapid Baseline Assessment Questionnaires
Guided questionnaires to quickly determine whether you meet the difference requirements of any control
Built-in End-User Training, Tracking & Reporting
Ensures and documents that all employees have completed the training as part of the compliance requirements.
Customizable Libraries of Controls, Requirements, and Standards
This allows for the tracking and remediation of compliance issues for multiple standards at the same time, dramatically reducing risk through improved and more efficient compliance management
Tracks Common Controls Across Multiple Standards
Eliminates duplication of effort managing the same control for multiple standards.
Done-For-You Compliance Documentation.
Policies & Procedures Manuals, Plans of Action & Milestones, Technical Assessment Reports, Evidence of Compliance . . . Compliance Manager GRC generates all of these customized documents dynamically based on the latest information available, all automatically and on-demand. Watch the video.
Manage Vendor Risk with New “Self-Serve” Portal
Compliance Manager GRC now includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards you pick, by logging into a branded web-based portal and completing the appropriate questionnaires. You can optionally require the vendors to also upload their evidence of compliance.
Get StartedIntegrations
VulScan Integration
Data from VulScan internal and/or external scans can be imported to be included in the Technical Risk reports and the POA&M to document risks.
BullPhish Training Integration
Integration with BullPhish ID provides access to over 50 additional training videos that can be used in the Employee Portal to educate employees on additional security and compliance topics.
IT Glue Integration – IT Glue (Document Links) & Export Reports
Import technical documents about a sites IT resources from IT Glue as attachments into your Compliance Manager GRC assessment worksheets and surveys. Also Export the reports from an assessment into IT Glue.
Billing Integration
Automatically update the BMS contract with billing data from the site, such as number of users, based on successful scan/assessment data.
Backup Integrations
If you subscribe to Datto or Unitrends backup services, you can automatically import back-up log data into your Compliance Manager GRC assessments. This allows you to easily gather evidence of backup compliance during the Technical Review in the Asset Inventory Worksheet.
Integration with VSA Agents for Local Data Collection
VSA Agents can run the Compliance Manager GRC local data collectors and upload the information into the assessment.
Engage The Right People On The Right Tasks With Role Based Task Assignments
Compliance Manager GRC now includes the ability to help IT professionals manage compliance by assigning specific assessment questions to an individual or group of individuals. This allows the IT staff to handle the technical questions and assign the rest to subject matter experts and other stakeholders. The result is assurance that compliance assessments are more accurate and complete.
Get Started
Advantages
- Anytime you take advantage of the custom standard creation feature of Compliance Manager GRC – for example, if you create a standard to manage your own internal IT security program – Compliance Manager GRC will create a customized manual to document it.
- Anytime you make a change to your process in Compliance Manager GRC – like adding a new requirement or changing the procedures you follow – the Policies & Procedures Manuals are automatically updated the next time you generate them.
Management of Custom Controls and Standards
Compliance Manager GRC is a process architecture that accommodates the management of multiple compliance standards. It also provides users that ability to generate custom standards based on common controls.
It allows IT professionals – whether they are MSPs or work in IT Departments – to quickly assess their level of compliance with whatever set of IT requirements they specify.
The software includes a web-based dashboard that allows the IT professional to track and remediate compliance issues for multiple standards at the same time, dramatically reducing risk through improved and more efficient compliance management.
Dynamic Policies and Procedures Creation
With this latest release, Compliance Manager GRC dynamically builds you a customized policies and procedures manual for each standard you are managing, and the manual reflects any adjustments that you make to the procedures you follow.
Complete
Covers every standard, including industry frameworks and custom requirement sets.
Automated
Automated data collection, processing and report-generation.
Priced Right
The most affordable enterprise-class GRC platform available.
Overcome the Biggest IT Challenges and Responsibilities
- Reduce Risk
- Reduce Complexity
- Save Money
