
Defining and controlling objectives with KPIs and transparency
Top Management buy-into is important for your management system. Under-Controls allows you to define objectives and bind them to key performance indicators (KPIs) and view everything in a dashboard. This way organizations can effectivly track and follow their objectives to measure, visualize and reach compliance within the management system. Through this feature, you can set and control the desired objectives for your GRC-process of your organization.
Plan and track measures, perform risk assessment and audits
Organizations can track measures and create an individual to-do list for each user which includes notification and scheduled tasks. With Under-Controls management system, organizations can also manage incidents and awareness trainings, create risks and corresponding mitigations for risk derived frmo the risk management process, visualize risk in a risk matrix and create and maintain an asset inventory. You are also able to track audits and maturity and document management reviews.


Setting up your System of Controls, defining your GRC framework
For all management systems, a customized control framework (CCF) helps to stay compliant with standards like SOC, ISO, PCI DSS, Data Protection and more. Under-Controls management system allows the definition of a flexible control catalog. It then will be mapped to existing control standards. Through filter options, it is easy to create a statement of applicability and other reports necessary for communication. Under-Control management system is configured to start with standard for ISO 9001, ISO 14001, ISO 50001, ISO 27001, TISAX, SOC2 (TSC), PCI-DSS, and BSI IT-Grundschutz. Hence, allowing you to set up your GRC framework with adequately controls based on the selected standards.
Managing requirements and evidence for Audits for Management Systems such as ISO, SOC 2, Data Protection and more


Track regulatory, contractual and legal requirements
Tracking suppliers with the Supplier Management Process
It is vital to prove that vendors/suppliers are compliant with quality requirements, requirements in the context of data protection, and service levels required by information security standards. Supply Chain Security and risks based on that becomes especially important after NIS2-Guideline is active. With Under-Controls management system suppliers can be audited by defining questionnaires, sending them, and getting a response directly in the GRC tool. Supplier auditing becomes an easy task and will help organizations to secure the supply chain.


Coaching and Consulting including internal audits
Upon request, our experts are available to answer your questions. You can use our forum to discuss general questions or book a direct online session with us to discuss detailed aspects.
Our experts are ready for your internal audit and improvement processes.

Our app meets the security requirements of the GDPR regarding data protection. The data is located within the EU, the company headquarters is in Germany. Your data is encrypted and cannot be read by our employees.