SeCube GRC can support an organization’s quality control system with the following activities:
- Modelling organizational processes and dependencies (Inventory)
- Quality control internal audit management (Compliance)
- Business risk analysis (Risk)
The above activities can be managed in a uniform manner and integrated with the information security management system processes under ISO27001.
SeCube’s modular structure also supports partial modular use based on requirements.
Process and organizational operations modelling
In the Inventory, resources and business/production processes as well as their dependency relations can be defined and displayed in visual dependency graphs. The Inventory function can be used to model the details of company operations and processes, and/or the functioning of IT systems. The process records can be freely customized together with quality control attributes.
Compliance and Audit assessments
The Compliance module supports tracking control compliance with the requirements of the ISO9001 standard and can also be used to structure the regulation and requirement system for the company’s own quality control system as well as internal audit assessments. Internal audit packages with any scope and period can be launched for the company’s own regulatory system. This implements and tracks the internal audit activities required by the ISO standard. Action plans can be prepared to rectify deficiencies identified by internal audits, and their implementation can be monitored. The reports available in the software can be used to present internal audit and compliance activities in an auditable manner, for the purposes of ISO audits.
The Compliance module can be used to run other compliance and audit analyses (e.g. ISO27001) with integrated deficiency and compliance management.
If the organization uses a process-based risk management procedural order as part of its quality control system, the Risk module can be used to implement the business risk management activity.
The software’s risk analysis function provides uniform support for the organization’s various types of risk analysis. Different types of risk analyses in a number of different areas can be run concurrently, and their results can be managed in a uniform approach in the interest of implementing and supporting integrated, comprehensive enterprise risk management (ERM). One or more separately managed risk analysis threads/packages can be launched in the Risk module, with separate responsible persons and assessors. These can be various types of risk analyses or the separate risk analyses of separate areas.
The scope of the various risk analyses can be flexibly adjusted as regards threats and/or resources, so full-scale or partial (or ad hoc)/project-based risk analyses can be performed as well, or the security of other company areas (IT, physical, human resource, business security, and data protection) can also be included in the assessment. The risk analysis can be carried out periodically or continuously according to the needs of the organization.
The fundamental risk analysis methodological parameters and risk calculation methods can be widely customized in the software, providing an opportunity to take the organization’s attributes and the requirements of certain parent companies or legislation into account. The interpretation of effects and damages can be fully tailored to an organization and its environment (material damages, damages to goodwill, legal consequences, quality deterioration, personal injury, etc.).
Various analysis reports can be used to evaluate the risks identified in the course of the risk analysis and to make risk management decisions. Detailed measures can be planned for the risks. Task management functions support the implementation of risk management measures with responsible persons, statuses, email notifications, and reports that support even time comparisons (status at the time of the analysis, current date status, future planned status). The aim of the risk management and reporting functions is the continuous management of the company’s risk-proportionate protection. Comprehensive text-based (docx) risk analysis reports can be generated on the entire risk analysis and management status.