Management System GRC Compliance Tool


Defining and controlling objectives with KPIs and transparency

Top Management buy-into is important for your management system. under-controls allows you to define objectives and bind them to key performance indicators (KPIs) and view everything in a dashboard. This way organizations can effectively track and follow their objectives to measure, visualize and reach compliance within the management system. Through this feature, you can set and control the desired objectives for your organisation’s GRC Compliance Tools process.

Plan and track measures, perform risk assessment and audits

Organizations can track measures and create an individual to-do list for each user which includes notification and scheduled tasks. With under-controls, organizations can also manage incidents and awareness trainings, create risks and corresponding mitigations for risk derived frmo the risk management process, visualize risk in a risk matrix and create and maintain an asset inventory. You are also able to track audits and maturity and document management reviews.

Setting up your System of Controls, defining your GRC framework

For all management systems, a customized control framework (CCF) helps to stay compliant with standards like SOC, ISO, PCI DSS, Data Protection and more. under-controls allows the definition of a flexible control catalog. It then will be mapped to existing control standards. Through filter options, it is easy to create a statement of applicability and other reports necessary for communication. under-control is configured to start with standard for

  • ISO 9001
  • ISO 14001
  • ISO 50001
  • ISO 27001
  • BSI IT-Grundschutz.

Hence, allowing you to set up your GRC framework with adequately controls based on the selected standards.

Managing requirements and evidence for Audits for Management Systems such as ISO, SOC 2, Data Protection and more

For most management systems, it is necessary to prove compliance through auditing. Auditors need to collect evidences regularly. With under-controls you can collect evidence (e.g. files, screenshots, etc.) and map it to existing requirements to being well prepared for audits. You can plan and track audit results from internal or external audits over time and document non-conformities.

Track regulatory, contractual and legal requirements

An up-to-date compliance register is necessary to identify all requirements within management systems. With under-controls it becomes easy to track requirements coming from laws and regulations as well as contracts. With under-controls, you can connect these with existing controls and measures. Tracking all the compliance requirements will be beneficial for audits as well as imporving the maturtity of your processes.

Tracking suppliers with the Supplier Management Process

It is vital to prove that vendors/suppliers are compliant with quality requirements, requirements in the context of data protection, and service levels required by information security standards. Supply Chain Security and risks based on that become especially important after NIS2-Guideline is active. With under-controls suppliers can be audited by defining questionnaires, sending them, and getting a response directly in the GRC tools. Supplier auditing becomes easy and will help organizations secure the supply chain.

Coaching and Consulting including internal audits

Upon request, our experts are available to answer your questions. You can use our forum to discuss general questions or book a direct online session with us to discuss detailed aspects.
Our experts are ready for your internal audit and improvement processes

Security and Privacy

Our app meets the security requirements of the GDPR regarding data protection. The data is located within the EU, the company headquarters is in Germany. Your data is encrypted and cannot be read by our employees.

Scroll to Top