Internal control system (ICS)
HITGuard's ICS primarily supports risk treatment and risk monitoring: it ensures that risk treatment measures are processed and documented systematically with workflow support, and that the implementation of the measures is regularly monitored. Controls are used to ensure the sustainability of risk treatment in the long term. These features are also of the utmost importance in compliance management and in the follow-up to audits that have been carried out.
- Workflow-based action and control processing
- Documentation of all steps from implementation to audit behavior
- Regular survey of current progress on measures
- Detailed, traceable logs of checks carried out
- Key figures and meaningful reporting, including a risk control matrix
Controls
Create controls to ensure, for example, that guidelines are adhered to or that checks are carried out for potential vulnerabilities. An inspection is a recurring task that implementers can be reminded to complete at regular intervals. Inspections can be approved or rejected by one or more auditors. Furthermore, the quality of the execution of controls can be evaluated and the degree of maturity of the associated processes can thus be assessed.
- Specify the frequency of inspections and any deadlines for implementers and auditors.
- Schedule automatic email reminders along the workflow and define escalation paths.
- Enrich your evaluations by linking standards and norms to the control.
Create a control
- Define the controls to be carried out in a clear interface, including any attachments.
- Give key controls priority by highlighting them with defined thresholds and dedicated escalation paths.
- Assign one or more reviewers to the controls and specify how inspections should be performed.
Carry out a check
- In accordance with the principle of minimum information, share with implementers only the information they need.
- Receive not only the implementation description from the implementers, but also additional evidence as proof of implementation.
- As an implementer, forward your inspection to the auditor(s) in a workflow-supported manner.
Check a control
- As an auditor, accept the execution of an inspection or return it to the implementers for revision.
- Document your work steps with comments in case of acceptance, rejection or return of a check.
- Keep track of everything with the historized audit and change logs for each control.
Measures
Create measures to correct, for example, deviations detected in analyses or to address reported vulnerabilities. A measure is a one-time task; those responsible can be reminded repeatedly to complete it before the deadline is reached. Progress on implementing the measures is either reported proactively by those responsible or requested by experts. The feedback is accepted or rejected by the experts.
- Record the event at which the necessity of a measure was recognized and thus increase its traceability.
- Define whether it is a matter of correcting or improving a recognized circumstance.
- Enrich your evaluations by linking standards and norms to the measure.
Create a measure
- Create measures for immediate implementation or in advance for planned, later implementation.
- Define the measures to be implemented in a clear interface, including those responsible for them.
- Use the start of the deadline, the end of the deadline, and the plan date to define the intended time horizon for the implementation of the measure.
Report progress
- Report progress on the implementation of measures on demand or proactively at the touch of a button.
- Add evidence as an attachment to the percentage progress and detailed status updates.
- Delegate progress messages to clerks who can answer the queries for you.
Acceptance of measures
- Manage links to any audit questions that need to be re-evaluated once the measure has been implemented.
- Automatically send reminders to stakeholders for pending progress messages.
- See the entire implementation history directly in the measure at a glance.
Comprehensive documentation and reporting
HITGuard provides all documentation and a wide range of reports for the various management systems you may operate. The KPIs and reports on measures and controls enrich not only your ICS but also your compliance management, your risk and audit management, and data protection in your company. Key figures can be compared across several analysis periods in dashboards. This makes it easy to identify development trends in management systems. The history and progress of the management system, for example in relation to risk management, are managed transparently and comprehensibly and can therefore be used for risk monitoring, among other things.
- Comply with your reporting obligations with documentation that can withstand the requirements of certification or audit.
- Export graphs from configurable dashboards or print reports with content that you can customize to suit your needs.
- Filter and analyze hazard situations and associated controls in your own risk control matrix.
Where HITGuard is already proving its worth, among others
Construction industry
approx. 20,000 employees
Auditor
approx. 700 employees
Health service
approx. 18,000 employees
IT Security Solutions
approx. 100 employees
IT Security Solutions
approx. 100 employees
Software House
approx. 400 employees
Event Management
approx. 500 employees
Hospital Operators
approx. 1,600 employees
approx. 6,000 employees
IT Service Providers
approx. 40 employees
Is your industry not listed? Do you need more information? We would be happy to put together individual reference examples for you – please contact us.