
Governance, Risk Management & Compliance (GRC)

With today’s regulatory compliance requirements, companies now have a mandated catalyst to become process-centric organizations. iGrafx Business Transformation Platform provides the foundation for organizations seeking a holistic approach to quality governance, risk management and compliance (GRC). We help companies meet the requirements of Sarbanes-Oxley, GDPR, HIPAA, ISO, as well as several healthcare, environmental and other regulations in a structured, controlled and secure way. With iGrafx, companies can confidently develop an integrated view of their business processes and information flows including risk and control points that are necessary for compliance.


What iGrafx does for GRC:

  • Understanding of where identified Risks / Controls appear in your business and in which processes
  • Reusable Risk, Control and Opportunity catalogs
  • Impact and Gap analysis reporting of Risks
  • Reporting on Control effectiveness
  • Compliance with requirements for documenting processes through visual process maps
  • Model validation through customizable approval steps
  • Transparency of ownership
  • Process knowledge that is accurate and up-to-date

iGrafx not only forms a basis for the process documentation, but deliberately places the topic of risk management in the foreground. Risks can be assigned directly to processes as well as to other components such as strategies, IT systems and goals, and evaluated comprehensively. The extended risk management also ensures the identification of suitable measures as well as their assessment and the associated risk minimization. iGrafx provides the ability to identify potential compliance issues by reporting process and risk gaps. Reports then provide an overview of all risks and residual risks in a risk-control matrix.

Get sustainable risk identification through customized automated workflows with the iGrafx ROPE™ Solution.

GRC for Sarbanes-Oxley

iGrafx offers a complete Sarbanes-Oxley governance solution that puts ease of use, capabilities and security where they are needed. Through its modular architecture, companies can ensure that process owners, IT and compliance specialists have the tools they need to contribute to process excellence, without unnecessary capabilities or uncontrolled access that could create conflict with the requirements of the act.

iGrafx also enables companies to integrate their Sarbanes-Oxley requirements with their other process-improvement initiatives such as Six Sigma, Lean and Enterprise Architecture. By providing a single process excellence platform, iGrafx helps companies leverage their efforts to document, improve and manage business processes to deliver superior return on investment.

ISO Compliance

iGrafx has long been an integral part in helping organizations achieve ISO certification. Through a unique, user-friendly suite of process management solutions, iGrafx provides organizations with the ability to document, improve and manage processes in compliance with ISO standards. By instilling a process-centric approach, iGrafx helps companies to leverage and capitalize on the requirements of the standards to implement a broad approach to governance, compliance and process excellence.

HIPAA Compliance

The Health Insurance Portability and Accountability Act went into effect in 1996. It is United States legislation that provides data privacy and security provisions for safeguarding medical information. This means knowing exactly where and when patient data may be exposed.

iGrafx provides the ability to identify what data is being collected within each process or activity and allows you to see who has access to a patient’s data so you can ensure proper security measures and training are in place.

GDPR Compliance

The General Data Protection Regulation (GDPR) went into effect May 25, 2018. This regulation dramatically changed the way data must be handled and processed in the European Union. EU citizens will have many rights under GDPR, including (but not limited to):

  • Use or collection of personal information must be fully consented to by the individual, and this must be done with a positive, unambiguous opt-in
  • Individuals will be able to request information on the data a company holds on them
  • Individuals can request to be forgotten or removed from all systems
  • Individuals can object to the use of their data in specific ways
  • All data breaches must be announced within 72 hours

GDPR does not only affect businesses in the European Union. If you do business with the data of EU businesses, EU residents, or any EU citizens, even if you do not have a physical location in the EU, you will have to comply with the GDPR. Find out more about the iGrafx GDPR Suite.

At iGrafx we do more than just talk about GDPR; we are GDPR compliant.