We receive questions from our customers that we would like to share with you. There is no particular order so just use keywords to find answers to similar questions.

The deployment must have minor business impact, minimum operational impact, and reduced organizational coordination.

The organization will not have a deployment, operational or implementation impact. Continuum GRC is a FedRAMP Authorized SaaS solution in the GovCloud. The company is responsible for the deployment which typically takes 2-24 hours before the client may gain access to the fully functional system.

The implementation requirements include required user account creation and notification email addresses for system notifications at a minimum. Any additional integration setup for SAML SSO, MFA and any organizationally adjusted site parameters within the Continuum GRC SaaS would take minutes to define.

Vendor to demonstrate they have sound professional service resource(s), potentially through a highly capable partner.

Continuum GRC employs in-house technical service employees as well as well-trained service partners covering all aspects of our customer commitments. A few channel partners have certified installation, training, custom development, administration support and fully managed options.

Continuum GRC’s Training & Orientation offerings include online training videos and literature, online orientation videos and literature, virtual 2-Day Boot Camp options, on-site 2-Day Boot Camp options, on-demand time and materials-based consulting sessions, and Certification Options for both the (CGRCP) Continuum GRC Professional and the (CGRCA) Continuum GRC Administrator.

Ability to deploy the solution with all GRC capabilities and subscriptions within reasonable time as long as it does not compromise any of the GRC capabilities. 

Continuum GRC is a FedRAMP Authorized SaaS solution in the GovCloud. The company is responsible for the deployment which typically takes 2-24 hours before the client may gain access to the fully functional system.

All governance, risk, and compliance modules are fully functional and deployed at the same time as the base system.

The product must offer a high degree of usability to support a broad spectrum of users

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides robust role-based access to the system resources allowing for the granular provisioning of risk and security assessment modules, compliance and audit modules, policy development and management features, form-questionnaire-module development tools and a plethora of other system features.

Continuum GRC forms-questionnaires-modules offer intuitive, logic-driven, customizable user experiences that are only limited by the user’s creativity.

The product should be able to provide interfaces for integration with other systems and applications

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.

Additionally, our dynamic data import tool allows for the importation and automatic form-questionnaire-module building creation to migrate from legacy applications into the automated power of Continuum GRC.

The solution to demonstrate central reporting capability can be highly customizable, scheduled, or ad-hoc.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting and audit logging features all of which may be sent to external integrated applications.

Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.

The solution must provide clear and easy-to-understand built-in reports that will add value to the incident response process.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

The solution must provide an effective workflow engine that automates the management and distribution of task and work items and provides the ability to monitor the process

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

The solution must provide robust document management functionality that can track changes to documents as well as who made the changes.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a Blockchain Cryptographic Chain-of-Custody Evidence Management capability that associates system documents and all files in the system with a specific system user.

All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features.

The Template Manager allows for rich-text document creation and management capabilities for Rapid Document Generation, Digital Signatures, Change Detection Indicators, OSCAL, Multipart Excel, Word, CSV Spreadsheet, PDF, and TXT Document Output (POA&M, SSP, etc.), Easy Branding and Formatting.

The solution is to demonstrate a central repository for collecting, maintaining, and analysis of risk data.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides familiar form-questionnaire-module style inputs for the collection, maintenance, management, and analysis of risk assessment datasets.

Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps.

Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting.

Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations.

The solution must provide robust support for various control frameworks (NIST CSF, NIST 800-53, etc.). The solution should be able to provide updates for these frameworks as they are made available.

Continuum GRC has auto-mapped the world's standards and frameworks seamlessly together. These are the most requested modules, but certainly not our entire inventory.

FedRAMP, StateRAMP, EUCS, PCI ROC & SAQ, SSAE 18 SOC 1, & SOC 2, CONMON, POA&M, CSF, CJIS, DFARS NIST 800-171, CMMC, C5, ISO 27001, 27005, 27017, 27018, 17020, 17021, 17025, 17065, HIPAA NIST 800-66, NIST 800-53, NERC CIP & 693, COSO, SEC, NFA, & FINRA, CIS, CTPAT, Cyber Essentials, FDA 21, FIPS 199, NIST 800-30, NIST 800-37, COSO ERM, Third-Party Risk Assessments, Vendor Risk Assessments, Physical Security Risk Assessments, Site Visit Risk Assessments, GDPR, CCPA, DPIA and more.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

The solution must provide efficient processes and functions to collect, manage and report on exceptions to the controls identified at the agency.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability.

Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.

The solution must have a robust built-in analytics library to support reporting and analysis.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting features all of which may be sent to external integrated applications.

Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.

Our patent-pending Nested Entities and Crossview risk heatmaps give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations all from within the Continuum GRC SaaS.

Analyze automatic scorecards, calculations, real-time dashboards, cross-dataset reporting, dashboards, and analysis views.

The solution to demonstrate the ability to support customization based on end-user input.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation and customization tools that are drag-and-drop and easy to use.

System administrators are able to easily customize any form-questionnaire-module including those provided by Continuum GRC with any level of customization based on the organization’s end-user inputs.

The Continuum GRC platform was designed to provide an enormous customization capability without requiring any complex programming or professional support services.

Vendor to demonstrate the solution has the Network threat/anomaly detection capability.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides integration support to a variety of network threat/anomaly detection tools. Once the automated integration inputs this data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over.

System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards keeping users informed and up to date.

The solution should provide formal support and triage Service Level Agreement (Ideally 4 Hours).

Continuum GRC standard support options include:

  • 24/7 Online Continuum GRC Service Manager is available to all subscribers.

  • 24/7 Call +1 (888) 896-6207 for Continuum GRC customer service.

  • 24/7 Online Continuum GRC knowledge base for all subscribers.

  • 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting.

  • 24/7 Dedicated Service Agent for all subscribers with dedicated hosting.

  • 24/7 Custom Service Level Agreements (SLA) are available with dedicated hosting agreements, which would include a 4-Hour response time if required.

Provide the ability to create custom rules for suspicious behavior of processes and network communication.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides integration support to a variety of network threat/anomaly detection tools. Once the automated integration inputs this data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over.

System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards keeping users informed and up to date.

The solution is to demonstrate they have a centralized functional, highly granular management (preferably cloud-based), and easy-to-use central management/dashboard that shows appropriate information to address different levels of requirements from technical to governance levels.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides robust role-based access to the system resources allowing for the granular provisioning of risk and security assessment modules, compliance and audit modules, governance and policy development, management features, form-questionnaire-module development tools and a plethora of other system features.

The solution is to demonstrate a flexible licensing model that addresses business requirements.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a flexible licensing model that is à la carte and allows organizations to grow with the platform. Continuum GRC is a modular solution.

First, select a hosting option. Organizations with Federal and/or CUI data will need FedRAMP Authorized AWS GovCloud hosting; otherwise, AWS hosting is just right. Deployment typically takes 2-24 hours for a fully operational system.

Second, select the access options you need. How many administrators, examiners, users, and entity groups do you need? Provisioning these takes just minutes within the Continuum GRC Access Control portal.

Finally, what modules within the categories of Audit & Compliance Frameworks Modules, Risk Assessment & Management Modules, Governance & Policy Development Modules, and any Custom created modules does your organization need? These are deployed in just minutes for stock inventory modules. Custom-created modules are projects planned with an organization but typically take a few days to a week or so for most deliverables.

The solution to demonstrate that the solution supports easy-to-manage patching and sufficient self-updating. Updates should require minimum interaction from Lab resources.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a fully managed solution that does not require an organization to maintain, patch, or upgrade its system. Continuum GRC support takes care of all updating including frameworks and inventory modules.

Organizations will maintain their own internally created modules and settings, but all other aspects of the Continuum GRC are managed by Continuum GRC.

Vendor to demonstrate that the solution requires minimum effort to develop personnel skills and expertise to maximize the GRC investment.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides an intuitive user and management interface. While Continuum GRC's many training & orientation offerings include online training videos and literature, online orientation videos and literature, virtual 2-Day Boot Camp options, on-site 2-Day Boot Camp options, on-demand time and materials-based consulting sessions, and Certification Options for both the (CGRCP) Continuum GRC Professional and the (CGRCA) Continuum GRC Administrator, customers rarely find it necessary to purchase enhanced training.

Ability to integrate with existing enterprise tools.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.

Additionally, our dynamic data import tool allows for the importation and automatic form-questionnaire-module building creation to migrate from legacy applications into the automated power of Continuum GRC.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. With Continuum GRC OpenAPI connections, it takes minutes to define the connection parameters in our easy-to-use questionnaire forms.

The solution must have a mature, open, secure, and easy-to-use API capability that allows the company to securely leverage the solution API capability to develop and integrate with other enterprise systems.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. With Continuum GRC OpenAPI connections, it takes minutes to define the connection parameters in our easy-to-use questionnaire forms.

Ability to integrate with other enterprise tools.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.

Additionally, our dynamic data import tool allows for the importation and automatic form-questionnaire-module building creation to migrate from legacy applications into the automated power of Continuum GRC.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. With Continuum GRC OpenAPI connections, it takes minutes to define the connection parameters in our easy-to-use questionnaire forms.

Vendor to demonstrate they have an appropriate data architecture showing what data is stored and where it is stored; and how data is protected against loss of integrity or availability.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides data architecture that is authorized to the Moderate impact level. Our Package ID is FR1915750265. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.

Ability to securely retain data for an appropriate period of time that meets business requirements. Further, data retention should be customizable.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption on all database data and file-based data is fully backed up on a daily basis. On a weekly basis, the full system is imaged and stored in our GovCloud West hot storage location. Also on a weekly basis, our full system images are simultaneously stored in our GovCloud East cold storage. Data does not leave our GovCloud FedRAMP Authorized boundary.

The Continuum GRC FedRAMP Authorized Package ID is FR1915750265 and contains additional information regarding our data retention and preservation implementations. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.

Vendor to demonstrate they have the capability to provide 24x7 support in servicing the Central time zone and are able to respond in a timely manner. Ideally 4-hour response time and the ability to quickly escalate critical incidents.

The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides standard support options that include:

  • 24/7 Online Continuum GRC Service Manager is available to all subscribers.

  • 24/7 Call +1 (888) 896-6207 for Continuum GRC customer service.

  • 24/7 Online Continuum GRC knowledge base for all subscribers.

  • 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting.

  • 24/7 Dedicated Service Agent for all subscribers with dedicated hosting.

  • 24/7 Custom Service Level Agreements (SLA) are available with dedicated hosting agreements, which would include a 4-Hour response time if required.

Vendors to demonstrate they have a clear view of the product roadmap and vision. The solution should not be scheduled or potentially scheduled for the End of the Sale or End of Support within 5 years.

Continuum GRC maintains a rolling three-year product roadmap with no End of Life defined. We are a privately owned sole-source provider and have no external debt or outside investors. We are only beholden to our customers to provide the best long-term solutions.

Should be well positioned within the most recent Gartner GRC quadrant.

Continuum GRC does not pay Gartner to appear on the quadrant list. We do not pay-to-play with for-profit reporting organizations.

Ability to seamlessly migrate archived audit management software files (TeamMate AM) into usable and accessible format for document retention purposes.

Easily import external data sources through our patent-pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities, which suit most data transactions between external systems, legacy systems, and even raw inputs.

Ability to seamlessly migrate current (open) audit management software files (TeamMate AM) into live usable files in the ASP.

Easily import external data sources through our patent-pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities, which suit most data transactions between external systems, legacy systems, and even raw inputs.

Ability to be hosted initially on premises with the ability to move to a cloud environment during the course of the contract (if desired).

As a FedRAMP Authorized SaaS solution, this requirement is not necessary.

Ability to test prior to patch/upgrade installations to production environment

As a FedRAMP Authorized SaaS solution, this requirement is not necessary.

Compatible with Windows 10 and higher

As a FedRAMP Authorized SaaS solution, this requirement is not necessary; however, common browsers supported by Windows 10 or higher are supported.

Compatible with MS Office 365

As a FedRAMP Authorized SaaS solution, this requirement is not necessary; however, the output reports and templates are all compatible.

Compatible with Windows Server 2016 and above

As a FedRAMP Authorized SaaS solution, this requirement is not necessary.

Scalable from 50 to 500 users

The Continuum GRC SaaS solution will accommodate this and more. Simple licensing accounts for the number of users and the system performance requirements.

Able to produce audit performance metrics

The Continuum GRC SaaS solution maintains real-time audit logs on all users to be analyzed as needed by administrators and examiners. These reports may also be exportable for further analysis.

Perform well in Virtual Machines and/or Virtual Desktop Infrastructure (VDI)

As a FedRAMP Authorized SaaS solution, this requirement is not necessary.

Support for PIV cards

The SAML integration feature allows for the connection to internal or external SP-IDP systems that support CAC PIV functionality.

Ability to handle slow or latent connections through VPN or remote connections

As a FedRAMP Authorized SaaS solution, this requirement is not necessary.

Ability to install client software with single installation package distributed via System Center Configuration Manager (SCCM)

As a FedRAMP Authorized SaaS solution, this requirement is not necessary.

Full logging of system configuration changes and user activity, including deletions

All administrators and examiners in the Continuum GRC SaaS solution have role-based access to activity, change, deletion logs and reports. These are reportable and searchable in the system. They are also exportable in a variety of formats.

No one has the ability to alter these records.

Easy access to logs and activity reports

All administrators and examiners in the Continuum GRC SaaS solution have role-based access to audit logs and activity reports. These are reportable and searchable in the system. They are also exportable in a variety of formats.

No one has the ability to alter these records.

FIPS 140-2 encryption for all data at rest and in transit

As a FedRAMP Authorized SaaS solution, this requirement is mandatory for authorization.

Software producer self-attestation of secure software development in accordance with OPM Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices

As a FedRAMP Authorized SaaS solution, this requirement is mandatory for authorization.

User-friendly, intuitive graphical interface

The Continuum GRC SaaS solution is a drag-n-drop solution that does not require complex programming to utilize its user interface. Users are presented with a logical and user-friendly interface.

Compliant with revised Section 508 accessibility standards.

Our Section 508 compliance rating is excellent.

Ability to create multiple project templates to ensure new projects include all required steps, based on their type

The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.

Ability to create templates for auditors/analysts to document review/audit work that include designated fields for purpose, source, scope, and conclusion (to meet both Yellow Book and/or Blue Book requirements)

The Continuum GRC solution is a SaaS product that will allow the organization to conduct and document audits and evaluations and maintain supporting documentation in accordance with Yellow Book and Blue Book standards leveraging our extensively customizable SaaS platform features.

Ability to create and assign permissions based on user roles such as Group Chief, Senior Team Leader, Auditor-In-Charge, Audit Staff, Quality Assurance, independent reference, reviewer, preparer, or combination of roles

The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

Ability to assign staff to different projects with permissions specific to each project

The Continuum GRC SaaS solution requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

Centralized software policy management

The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system.

Ability to create workflows

The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can be as simple as Approval-Deny by designated examiners, or as detailed as hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity.

Ability to copy existing projects

The Continuum GRC SaaS solution provides the ability to clone or copy forms, datasets, modules, and templates within the system. Our patent-pending auto-mapping technology even allows for synchronization of project data between different forms and reports in real time.

Configurable fields and labels for project information, recommendations, etc.

The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the solution are features such as the Action ITAM designed for workflow questions, requests, comments, project notes, suspense dates, accountability reporting and other powerful features to satisfy this requirement.

Configurable to handle multiple audit groups with varying fields of review and audit templates

The Continuum GRC SaaS solution is designed to facilitate large audit groups, large datasets with any variety of form fields, audit templates and any other form of bespoke requirement requiring form driven assessments.

Ability to support records management requirements.

The Continuum GRC SaaS solution has a central records management feature allowing for management, versioning, and restoration if needed.

Ability for staff to access completed projects by other teams

The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project in the system. Completed projects are archived in Read-Only mode.

Ability to archive audit and evaluation files that are no longer required to be maintained

Completed projects are archived in Read-Only mode. Archival versions are maintained in perpetuity until being deleted by administrators.

Ability to access and reinitiate archived files if necessary

Archival versions are maintained in perpetuity until administrators reinitiate or remove these versions.

Ability to train in simulated production environment using previous work or test files

The Continuum GRC SaaS solution allows for cloning of all datasets to allow for the provisioning of simulation environments within the same system.

Robust training for administrators

Continuum GRC provides 24/7 access to training documentation, videos and learning materials. We also provide an advanced 2-Day Boot Camp for administrators. Organizations that require ongoing training and special support may obtain it under contracted terms.

Train the trainers

Organizations that require ongoing training and special support may obtain it under contracted terms. We have included training support by our professional service team in the attached Continuum GRC - ATTCH 4 Pricing Template.

Training documentation

Continuum GRC provides 24/7 support to customers through a variety of methods such as telephone, email, and online customer portals. There is an extensive online manual available to all users.

Assistance from remote Help Desk available during business hours (6am-6pm Eastern Time) Monday – Friday.

The Continuum GRC SaaS solution provides a 24/7 help desk system with responsive remote support by the team. Additional support may be contracted if required.

Detailed reference materials

The Continuum GRC SaaS solution provides a comprehensive administration and user manual to users on a 24/7 online basis.

Self-contained projects with unique permissions and roles (including Independent Referencing)

The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project or resources in the system.

Unique identifier

The Continuum GRC SaaS solution's projects, forms, questionnaires, datasets, evidentiary files, reports, and records all have unique identifiers. Additionally, the Record ID feature is a ticketing system feature that provides unique identifiers for ticketing purposes.

Ability to establish, monitor, revise, and track milestones for each project

The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators and other tools address this requirement.

Support for current and future Microsoft Office 365 file types (including Outlook email files)

The Continuum GRC SaaS solution provides native file management capabilities for the file formats. Additionally, document types such as Word and Excel are standard template formats that are manageable within the system. All file types may be processed as artifacts within the system.

Support for current and future Adobe Acrobat PDF files

The Continuum GRC SaaS solution provides native file management capabilities for the file formats. Additionally, document types such as PDF are standard output report file formats that are manageable within the system. All file types may be processed as artifacts within the system.

Support for alternative office file types (GoogleDocs, open-source office files, etc.)

The Continuum GRC SaaS solution provides native file management capabilities for the file formats. All file types may be processed as artifacts within the system.

Support for industry-standard media files (audio, video, image)

All file types may be processed as artifacts within the system. Additionally, media files are playable within the system. These files may be locally stored and protected within the system or pulled from external sources if authorized.

Support for large-scale, complex data and analysis files

The Continuum GRC SaaS solution provides SQL big data support capabilities. Additionally, our database integration features allow for the connection to external data sources.

Unique identifier for each attachment

The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system. Each file has a unique identifier.

Ability to update/replace attachment

The Continuum GRC SaaS solution has a central document management feature allowing for common file management capabilities. This upload, update, replace or delete capability is also integral to the File Upload form element in all modules, whether existing or custom.

Ability to export documents

The Continuum GRC SaaS solution has native reporting outputs that include Word, Excel, PDF, CSV and text formats all of which are easily updated.

Support for large numbers of attachments in each project, and large individual attachments

The Continuum GRC SaaS solution is capable of attaching any number or size of attachment in the system. By default, the system is a zero-trust system that requires administrators to establish rules for increasing attachment numbers and sizes. The current defaults are restricted to 15 non-executable files no larger than 5 GB in size. These values are completely adjustable by administrators.

Ability to restrict access to attachments to a specific project

The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish access to all system resources including project data.

Ability to easily share selected attachments across projects

The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish access to all system resources including project data across multiple projects. Our patent pending auto-mapping is a powerful feature enhancing data synchronization in real-time as needed.

Ability to retain/recover multiple versions of attachments

The Continuum GRC SaaS solution provides a full-featured file attachment management system. Utilizing versioning, archiving, and duplication, the ability to retain or recover attachments is native functionality. There is also a system recycling feature that allows for the full restoration of project data and attachments for up to 30 days.

Ability to lock attachments to prevent changes

The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project in the system. Completed projects are archived in Read-Only mode including attachments.

Ability to identify content such as Personally Identifiable Information (PII), Personal Health Information (PHI), or Sensitive Security Information (SSI) that must be protected from public disclosure

The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers such as PHI, PII and others. Users, examiners and administrators can also search for content, or search and replace it, using regular expressions.

Ability to add additional identifying information beyond title to each attachment

The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers. Additionally, native document functionality allows for the inclusion of metadata which is supported by the file management capabilities of the system.

Ability for multiple users to collaborate for document creation and editing

The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the system is an anti-collision capability, built on our socket technology, that prevents users from “stepping on each other’s toes”. Other users can see in real time who is updating a form field and when they have finished.

Preparer signoffs

The Continuum GRC SaaS solution provides digital signature capabilities within the system.

Reviewer signoffs, multi-level

The Continuum GRC SaaS solution provides digital signature capabilities within the system to include any number of signatories.

Controls to prevent reviewing document they prepared

The Continuum GRC SaaS solution provides functionality to manage the read-write permissions on data. This is controlled by the administrators, either through simple permissions or through form logic when processing datasets.

Ability to provide reviewer comments and receive response from preparer prior to reviewer sign-off and retain those comments

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations.

Ability to provide peer-to-peer comments

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations. Additionally, all forms may have peer-to-peer fields for the entry of comments that may be hidden from anyone without permissions to view them.

Ability to identify changes made after supervisory review

The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. Additionally, the Audit Mode feature prevents changes by locking the dataset into a read-only mode.

Ability to reference auditor/evaluator write-ups to supporting documentation

The Continuum GRC SaaS solution provides indexing of supporting documentation directly associated to an evaluation. The upload form elements make this easy and intuitive.

Ability to link documentation to work papers created within software as well as attachments including Word, Excel, and Acrobat documents (to the documents themselves and to specific locations within the documents)

The Continuum GRC SaaS solution provides indexing of supporting documentation such as Word, Excel, and Acrobat directly associated to an evaluation. The upload form elements make this easy and intuitive. Additionally, our patent pending auto-mapping technology allows for cross associations to other projects and data sources.

Ability to efficiently handle large number of references within individual documents and across the audit file

The Continuum GRC SaaS solution provides indexing of supporting documentation such as Word, Excel, and Acrobat directly associated to an evaluation. The upload form elements make this easy and intuitive. Additionally, our patent pending auto-mapping technology allows for cross associations to other projects and data sources.

Ability for staff not participating in audit to review and verify cross-indexed references of all statements of fact within draft and final reports created in MS Word

The Continuum GRC SaaS solution provides native output support for Word and Excel. All stages of a project through draft and approved production are managed through the system workflow.

Ability to add visual cues indicating independent reference has verified that indexed evidence supports each statement of fact (e.g., tick marks)

The Continuum GRC SaaS solution provides the Status Indicator feature that visually indicates the disposition of a project requirement. Additionally, the project or module templates may have additional checkboxes to represent this requirement.

Ability to utilize reviewer tools for feedback and sign-off

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations. Additionally, all forms may have reviewer fields for the entry of feedback that may be hidden from anyone without permissions to view them. The Status Indicator feature also visually indicates the disposition of a project requirement.

Ability to identify changes made to document after IREF exits document (not marked reviewed)

The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review.

Ability for audit team to see issues identified while IREF works in the document (i.e., comments or reviewer notes)

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary.

Ability to track progress of IREF

The Continuum GRC SaaS solution provides the Status Indicator report feature allowing for easy progress reporting.

Ability to segregate audit findings issued in the draft report and those in the final report

The Continuum GRC SaaS solution provides a versioning feature that would allow for the segregation of report versions easily. Additionally, the Status Indicator report allows for separate reporting on all versions of the project report.

Ability to document changes to audit findings between draft report and final report stages

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Additionally, the Action ITAM report allows for separate reporting on all versions of the project report.

Ability to indicate if an audit finding was dropped or changed following the draft report stage.

The Continuum GRC SaaS solution provides the Action ITAM and the Status Report visual features to support this requirement. Additionally, the project or module templates may have additional checkboxes to represent this requirement.

Ability to create recommendations based on audit work

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary.

Ability to create custom fields for findings and recommendations to support tracking and reporting requirements (minimum of 5 monetary fields, 4 date fields, 7 selectable-text fields)

The Continuum GRC SaaS solution provides a drag-and-drop easy form builder tool to completely customize any form, questionnaire, or module.

Ability to mark recommendations for reporting (i.e., for tracking or information only)

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.

Ability to track recommendations from migrated projects, including reporting

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.

Status indicator for each recommendation (e.g., unresolved, resolved, closed)

The Continuum GRC SaaS solution provides the Status Indicator feature that indicates unaddressed (gray), unresolved (red), resolved (yellow) and closed (green) indications.

Ability to update recommendation status, including target action dates, and attach additional supporting information

The Continuum GRC SaaS solution is completely interactive allowing for real-time status changes, monitoring of project dates, workflow requirements for tasks or additional information, and a host of many other supporting features.

Ability to document auditee response to recommendations received in response to the draft report.

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.

Ability to export open and/or closed recommendations as a dashboard for web-presentation.

The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.

Ability to quickly locate documentation within a project using text-based search of labels and contents

The Continuum GRC SaaS solution provides a full-featured document management capability allowing for searchable attributes such as tags, labels, content, and typical file names.

Support for rich text formatting of text

The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the pasting of external data and the use of rich-text formatting tools as needed.

Support for Copy/Cut/Paste

The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the copy-cut-pasting of external data and the use of rich-text formatting tools as needed.

Support for inline and on-demand spell check, with editable dictionary

The Continuum GRC SaaS solution provides support for a variety of browser-based spelling and grammar checking tools to include editable custom dictionaries.

Ability to create and format tables

The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the creation and formatting of dynamic tables as needed.

Support for tracking of changes

The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. The Status Indicator report allows for dashboards and a variety of change reports.

Ability to create work papers and add support offline

As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.

Ability to cancel offline items locked by users that may no longer be using them

As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.

Process to synchronize offline changes to database

As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.

Ability to review and resolve conflicts from offline production

As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.

Controls to prevent unintentional overwrites by conflicting offline changes

As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.

Ability for peer review access of entire audit file without access to the organization's network

As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.

Easily accessible reports for staff indicating completion and review status

The Continuum GRC SaaS solution provides online viewing of any variety of reports in both document formats and graphic dashboards.

Visual reminders for pending deadlines and open items

The Continuum GRC SaaS solution provides the Action ITAM feature that provides dashboard views, document notifications and email alerts for deadlines and action items.

Access items directly from dashboards

The Continuum GRC SaaS solution provides a variety of purpose-created dashboards all allowing for direct linkages to project data.

Visual representation of open and/or closed recommendations

The Continuum GRC SaaS solution provides the Action ITAM feature that provides dashboard views, document notifications and email alerts for open and/or closed items.

Ability to create notifications within the system for user-defined triggers such as pending deadlines, review status, recommendation dates, and required actions

The Continuum GRC SaaS solution provides native functionality for notification triggers, rules and workflow events which are defined by administrators.

Ability to create e-mail notifications based on user-defined triggers

The Continuum GRC SaaS solution provides native functionality for email notification triggers, rules and workflow events which are defined by administrators.

Ability to generate reports across entire database and within specific projects

The Continuum GRC SaaS solution provides a patent pending feature referred to as Nest Entities allowing for the cross-entity or cross-dataset viewing and reporting of projects.

Ability to create standard reports for tracking milestones — initial and revised dates compared to actual

The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators, and other tools address this requirement.

Ability to automate creation of required reports such as a Semi-annual Report (SAR)

The Continuum GRC SaaS solution provides custom report document generation. There is no limitation on the required outputs, which may be produced in Word, Excel, PDF, CSV and text formats.

Ability to create standard reports for tracking recommendations — initial and revised dates compared to actual

The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators, and other tools address this requirement.

Ability to automate creation of draft and final reports. Preference that reports are 508 compliant.

The Continuum GRC SaaS solution provides excellent 508 compliance. There are no known limitations with this requirement.

Ability to generate time and expense reports based on criteria such as user, project, or specified groups

The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.

Ability to generate reports on any database field

The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity of reporting.

Ability to create ad hoc reports and queries

The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity of reporting.

Ability for staff to report time and expenses on a biweekly basis

The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.

Ability for staff to charge time to non-project codes (e.g., sick leave, annual leave, award leave, holiday leave, etc.)

The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.

Workflow for supervisory review of all time and expense entries

The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can range from a simple Approval-Deny by designated examiners to hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity.

Ability to easily re-assign staff to a different manager for time and expense reporting

The Continuum GRC SaaS solution requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

Are there any other technology vendors that your product(s) integrate with?

  • The Continuum GRC SaaS solution’s OpenAPI integrates with hundreds of solution providers.
  • The Continuum GRC SaaS feature known as the Dynamic Data Integrator allows for the importation of external data sources, typically from legacy systems that clients are migrating from, to dynamically create system modules and automatically import large volumes of data.
  • In the event that a unique API integration is required to connect to an external solution’s proprietary system, we create it. It generally takes one month to code and QA test the solution for general production viability. Some examples we have are Qualys Scanner, Saint Scanner, Tenable.IO, and others.

    What problems are you solving? What are some government use cases for your product(s)?

    Every business and organizational entity in the world must endeavor to eliminate risks that threaten them, their employees, and shareholders. Additionally, each industry has unique regulatory and industry compliance, audit, attestation, and authorization requirements that it must meet.

    The Continuum GRC SaaS provides a FedRAMP Authorized and StateRAMP Authorized secure solution that enables the development of those readiness and program requirements; enables the independent evaluation of risk and compliance by assessment authorities, calculating governance, risk, and compliance metrics, dashboards, and documentation during that phase; and facilitates the continuous monitoring and maintenance of these programs for their entire life-cycle.

    Supporting 26 languages, the high degree of automation, integrations, and auto-mapping between the world's compliance frameworks provides an intuitive solution to our clients.

    High-level overview of your products and solutions.

    https://continuumgrc.com/videos/

    Continuum GRC is an agile, affordable risk assessment and compliance management automation solution and is the only global platform authorized for both FedRAMP and StateRAMP requirements. Our Partner Program goal is to drive new business and be more efficient for partners across all verticals of business anywhere across the globe.

    Continuum GRC is a collaborative and cost-effective audit & compliance, risk assessment & risk management, and policy & governance development solution that helps our partners be cost-effective.

    Auto-mapped standards, automated documentation, real-time status, risk & maturity offerings work across all of the audits, regulatory and risk frameworks in 26 languages saving time and money.

    Continuum GRC reduces manual labor by 55% on average, with some tasks, such as maintaining multiple frameworks, reduced by an astounding 100%.

    Enterprise security, dynamic dashboards, document generation, integrations, and connectivity for advanced collaborations.

    Automation and creative tools along with Blockchain Chain-of-Custody evidence management for auditors.

    Controls must ‘live’ within the system, and it must be possible to link to other modules (e.g. risks and audit findings), and send out self-assessments

    The Continuum GRC SaaS is a full-featured risk assessment & risk management, compliance assessment & compliance management, policy development & policy management system for the enterprise.

    Controls would have various elements such as frequency, priority, control type, owner, evidence of operation for each cycle and reference to a risk and policy

    Continuum GRC has native functionality for workflows, notification logic, and schedulers.

    Controls can be assigned to local owners in the system

    Continuum GRC has native functionality for delegation and assignment workflows.

    Ability to add multiple control frameworks some created and managed internally (e.g. in house FCAR, ITCAR, MITCAR) and some external (e.g. NIST CSF) against sites/entities/IT applications

    Continuum GRC currently supports more than 85 of the world's frameworks, as well as internally developed frameworks.

    Self-assessments can be downloaded blank (as well as when completed)

    Continuum GRC has native functionality for exporting any state of a self-assessment.

    System must be able to handle the fact we are a global business with multiple entities (e.g. Global, Regional, Sector, Function) and users working regionally/globally. IT applications would also be considered an entity or asset against which multiple controls or control sets could be applied.

    Continuum GRC has native functionality for the separation of different groups, entities, divisions, users, companies, etc. through our Entity feature.

    Evidence of control performance can be uploaded from multiple sites at varying frequencies (i.e. the same control is applicable to 40 sites and all can load evidence quarterly)

    Continuum GRC has native functionality for evidence management from a variety of sources including locally attached, automated integrations, and other inputs.

    Results of audit work can be linked to entities/sites (inc. IT applications) and logged against controls and risks

    Continuum GRC has native functionality for organizing findings with control requirements and risks.

    Separate boxes for audit findings/issues and the actual action

    Continuum GRC has native functionality for issue remediation tracking and workflows.

    Ability for admins to change the risk rating of an action in the system

    Continuum GRC has native functionality for Admins to modify any parameter of an assessment module. Examiners are able to change the risk status of the assessment inputs.

    System can link to other data sources common input sources (e.g. SAP, excel) to support control monitoring and is able to extract data for reporting purposes OR provide appropriate reporting solution in system.

    Continuum GRC has native functionality for integrating with a variety of external data sources. Additionally, our Dynamic Data Integrator will intake external csv and Excel documents easily.

    User access can be viewed by certain user groups (and not just admins)

    Continuum GRC has native functionality for Admins and Examiners (a role like an auditor or manager of a user group) to do this.

    Risk scoring/categorization mechanism can be tailored to fit with risk frameworks (and can be updated if we want to change the framework at a later date)

    Continuum GRC has native functionality for tailoring all parameters without programming changes. We also provide a creation tool for complete customizations.

    Local risks can be shared across site risk registers / baseline controls (i.e. risk of major explosion) to drive consistency

    Continuum GRC has native functionality for auto mapping between control requirements and this includes status and risk.

    System must be able to hold and report on risk appetite scores and link them appropriately to component risks including highlighting where risk appetite is outside tolerance by site/entity

    Continuum GRC has native functionality for displaying risk scores and heatmap style dashboards making it easy to focus on risk priorities.

    Consider possibility of auto-generation of regional risk registers based on highest scoring risks in local site registers (with ability to add additional risks on strategy etc)

    Continuum GRC has native functionality for displaying risk across many entities, areas, or other grouping based display requirements.

    System has a full audit trail that is accessible by admins as a minimum

    Continuum GRC has native functionality for detailed audit logging and reports that are accessible to Admins and Examiners; however, none have the ability to alter these records.

    Speed – system must be responsive in a timely manner

    Continuum GRC SaaS is designed for responsive interfaces.

    System must be configurable to requirements without the need for bespoke coding/heavy customization

    Continuum GRC has native functionality for a plethora of powerful customization features none of which requires any coding.

    Continuous Controls Monitoring (CCM) capabilities – i.e. Ability to run reports for sites to assess control performance ; standard reports generated where controls not performed.

    Continuum GRC has native functionality for scheduled and on-demand reporting; hundreds of real-time dashboards are available.

    Ability to classify certain controls as key controls – thinking ahead for Sox implementation

    Continuum GRC has native functionality that allows for custom tagging, classifications and groupings without coding.

    Repository to store process documentation, user guides, training, manuals etc.

    Continuum GRC has native functionality for encrypted file management, document management, and policy management, all protected with a private blockchain-based evidence management system.

    As well local control owners in the system – have process owner role.

    Continuum GRC has native functionality for role-based access and delegations.

    To be able to add user defined controls in cases where risks are not covered by existing suite of controls – given the duplication issues in the Hive we should have an approval process (preferably the process owner) before a user defined control can be added.

    Continuum GRC has native functionality for the creation and modification of all control frameworks and custom frameworks.

    Workflow for controls that require multiple performers i.e. preparer and reviewer

    Continuum GRC has native functionality for many levels of workflow.

    Automated workflow with notification of upcoming assigned tasks (including execution of a control) being due configurable reminders and escalation for any task / action that has gone over due by a defined time limit

    Continuum GRC has native functionality for a multitude of workflow triggers to notify, schedule, update, and more.

    Able to group sites/entities into multiple logical groups (e.g. Regional Field to group sites into their respective regions for actions and risks)

    Continuum GRC has native functionality for an Entity, which is a grouping of resources and users that may have many layers and many separations.

    Must be able to define different site types and ability to retain and save the controls attributed to each site type rather than repeating this exercise annually (e.g. Manufacturing Site, Sales Site, GMP site)

    Continuum GRC has native functionality for site administrators to separate site types in our Entity feature.

    Standard risk registers, by site type/asset (e.g. a manufacturing site, a sales office, an Incotec site, an IT Application, Database or Operating system etc.)

    Continuum GRC has native functionality for standard risk registrations with separation by Entity site type.

    Ability to differentiate risks as current or emerging

    Continuum GRC has native functionality for modifying with our Form Builder tools any module, form, or questionnaire in the system with drag-n-drop ease. This could be as simple as adding a multichoice field to an existing form.

    Ability to show the velocity score of risks

    Continuum GRC has native functionality for showing velocity as a percentage of total risk and velocity as a separate value.

    A field showing the date when the audit action was added to the system

    Continuum GRC has native functionality for a variety of audit trail displays including change date data.

    A field showing the date when the audit action was closed

    Continuum GRC has native functionality for modifying with our Form Builder tools any module, form, or questionnaire in the system with drag-n-drop ease. This could be as simple as adding a multichoice field to an existing form.

    Single Sign On capability to Active Directory

    Continuum GRC has native functionality for SAML connections to AD and other authentication management systems.

    Ability to upload multiple files as supporting evidence in PDF and standard Microsoft formats, Word, Excel, Outlook emails

    Continuum GRC has native functionality for the uploading, editing, and management of these file types.

    Ability to have different levels of access across the modules (e.g. risk register owners, site owners, control owners, reviewers, approvers) and comprehensive reporting capability

    Continuum GRC has native functionality for role based delegation to all system resources.

    Ability to copy and paste from and into fields

    Continuum GRC has native functionality for Rich Text fields supporting this requirement.

    Ability to hold risks in risk registers

    Continuum GRC has native functionality for the creation of any type of form. Our Risk Registry module accomplishes this, but may also be modified without coding.

    Ability to hold actions with owner, raised date, detail and due dates against controls and risks.

    Continuum GRC has native functionality known as an Action ITAM that serves this purpose.

    Ability to add, edit and delete sites (a site being a logical unit at which risks, audits and controls can be managed against)

    Continuum GRC has native functionality for Administrators to easily accomplish this.

    Ability to export risk register to excel

    Continuum GRC has native functionality for exporting to Excel, among several other file types.

    Ability to filter across all fields

    Continuum GRC has native functionality for advanced data searches and filtering.

    Ability to reference each risk by its own reference number

    Continuum GRC has native functionality for reference numbers with our Record ID field element ticketing features.

    Ability to delete/archive/edit risks

    Continuum GRC has native functionality for real time modifications to all data sets in production, or in archive.

    Have multiple risk registers across the group

    Continuum GRC has native functionality for Administrators to easily accomplish this.

    Ability to configure system to align with risk framework

    Continuum GRC has native functionality for easy creation of custom frameworks and the modification of standard frameworks with drag-n-drop ease.

    Ability to type free text

    Continuum GRC has native functionality for this requirement.

    Ability to score a risk (both Pre/Post control) with likelihood and impact then multiply for final risk score

    Continuum GRC has native functionality for showing before and after as a percentage of total risk.

    Ability to have a checker to see who last edited the actions and risks

    Continuum GRC has native functionality for both Examiners and Admins to review audit logs for everyone in the system.

    Change management process/audit logs when making updates to the system.

    Continuum GRC has native functionality for both Examiners and Admins to review audit logs for everyone in the system.

    Ability to see when the actions and risks were last updated

    Continuum GRC has native functionality for both Examiners and Admins to review audit logs for everyone in the system.

    Ability to save risk as draft

    Continuum GRC has native functionality for draft, then final, then archive versions.

    Ability to view Generic Risk List

    Continuum GRC has native functionality for any type of form to be created. Our Form Builder tools allow for the Admin to easily create anything.

    Ability to add a Generic Risk

    Continuum GRC has native functionality for any type of form to be created. Our Form Builder tools allow for the Admin to easily create anything.

    Ability to have drop down lists for each box when required

    Continuum GRC has native functionality for any type of form to be created. Our Form Builder tools allow for the Admin to easily create anything.

    Ability to filter audit actions

    Continuum GRC has native functionality for advanced data searches.

    Ability to export Action List to excel

    Continuum GRC has native functionality to export audit logs and many other data attributes to Excel.

    Ability for admins to edit/delete actions

    Continuum GRC has native functionality to prevent the tampering with audit logs.

    Ability of admin to add a new audit action

    Continuum GRC has native functionality for workflows to include audit actions to forms and modules. If this requirement is to add to the system audit logging, that would require a development ticket.

    Ability to have pre set drop down lists

    Continuum GRC has native functionality in the Form Builder tooling for this requirement.

    Ability to free type own description

    Continuum GRC has native functionality in the Form Builder tooling for this requirement.

    Ability to automate colors depending on whether an action is overdue

    Continuum GRC has native functionality for assigning scores to our color palette.

    System admin- use same account for everything (main role/action role/ risk workflow role)

    Continuum GRC has native functionality for role based access to address this requirement.

    Ability to export Access Lists

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Ability to add/edit users for admins

    Continuum GRC has native functionality in the Access Manager for this requirement.

    When editing/adding users have an assignment capability that allows users to be granted rights (read, update, etc.) to multiple entities (e.g. sectors/functions/regions)

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Admin- ability to change user details e.g. password

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Admin- ability to make a user inactive

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Admin- ability to see all the roles a user has

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Admin- ability to bulk edit

    Continuum GRC has native functionality for certain bulk actions. More information is needed to better define this requirement.

    Ability to see and report on what role access you have

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Ability to have a risk category manager

    Continuum GRC has native functionality to easily assign roles.

    Ability to add/edit/delete (entities) sites for admins

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Ability to apply people organization structure to a site/entity structures (e.g. right people have access to appropriate sites)

    Continuum GRC has native functionality in the Access Manager for this requirement.

    Ability to add FCAR, MITCAR, e.g. to site (FCAR, ITCAR, MITCAR being a set of defined controls applicable to a specific site)

    Continuum GRC has native functionality in the Form Builder tooling for this requirement.

    Able to measure risk impact in qualitative and/or quantitative terms

    Continuum GRC has native functionality for showing risk as a percentage of total risk and displaying in various dashboards real time values. We are not using traditional formulas for this feature.

    Ability to send out an automated email to task/action owners including periodic reminders with upcoming deadlines

    Continuum GRC has native functionality for notification logic, triggers, and workflows.

    Ability to bring up a calendar when entering a date and quick click the date

    Continuum GRC has native functionality for this requirement.

    Ability to filter against (exclude)

    Continuum GRC has native functionality for advanced data searches.

    Automated log out when inactive

    Continuum GRC has native functionality for setting timeouts by the site administrator.

    Be able to have a desired end state risk position e.g. pre controls we have a rating of 30, post control it's 24 but desired state is 12. The risk treatment plan should then be moving us towards that level of risk.

    Continuum GRC has native functionality for scoring a single element within a range of -999 up to 999 with color palette based on score. This provides options for this requirement.

    Be able to link a defined control to an industry standard control from multiple frameworks e.g. ISO27001, NIST CSF, COBIT

    Continuum GRC has native functionality for Auto Mapping between standards. This also includes custom modules created by site Admins.

    Be able to demonstrate state of compliance of controls against multiple standard frameworks e.g. ISO27001, NIST CSF, COBIT

    Continuum GRC has native functionality for supporting all of the aforementioned standards and hundreds more. Additionally, all of our standards auto map, meaning the system exponentially saves work and prevents human error.

    Ability to record and track Key Risk indicators (KRI) or KPI against risks and controls

    Continuum GRC has native functionality for displaying these metrics in dashboards and report outputs.

    Ability to store group policies and documentation including lifecycle management (draft, review, publish) with the ability to publish to external sources such as SharePoint

    Continuum GRC has native functionality for Policy and Document management in the system. The full life-cycle inside the system. System outputs and integrations allow for publishing to external systems.

    Ability to have risk appetite and risk tolerance scores

    Continuum GRC has native functionality for Admins to design their own forms and apply their own scores easily.

    Ability to have parent child risk relationships with some logic checking e.g. Cyber Risk may have multiple component risks that require managing separately and for logic for example the child risk cannot be greater than the parent risk.

    Continuum GRC has native functionality for logic driven forms, scores, and workflows to be established by the site Admin.

    Audit delivery: Ability to create and approve an audit terms of reference (e.g. scope) within the system.

    Continuum GRC has native functionality for form-driven workflows that support this requirement.

    Audit delivery: Ability to draft an audit report within the system including an executive summary, overall report rating and individual finding risk ratings (commentary on findings , recommendations, risks etc, risk linked to controls), optionally suggest actions and submit the draft for management responses, management responses are then reviewed and approved and actions can be automatically added to the system with identified owner and due date. Ability to publish the report to multiple stakeholders and extract the report to word or PowerPoint.

    Continuum GRC has native functionality for all of these requirements. Form driven workflows and document and report generation are all fundamental features.

    Ability to link policies to risks to controls throughout the system

    Continuum GRC has native functionality for designing forms that directly associate evidence and policies to controls. This is simple functionality integral to the system.

    Be able to record whether a risk affects the C,I,A of a system per ISO27001 Clause 6.1.2c)1): "The organization shall define and apply an information security risk assessment process that: c) identifies the information security risks: 1) apply the information security risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system;"

    Continuum GRC has native functionality as a form-driven system. Every form, regardless of whether it is from our inventory or designed by the site admin, has the capability to capture this requirement.

    Ability to have a single control support multiple control frameworks (e.g. operate a control once apply to multiple sites/entities/IT applications as appropriate) rather than execute the same control multiple times

    Continuum GRC has native functionality for auto mapping between frameworks in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto mapping between frameworks and forms.

    Comprehensive dynamic reporting capabilities and trending over customizable date ranges on actions, risks and controls at a minimum at site/entity/IT application levels to be used by the Group Risk and Assurance team for monitoring

    Continuum GRC has native functionality for hundreds of dashboard reports from the micro to the macro that all update in real time.

    Comprehensive dashboard capabilities allowing actionable information appropriate to the role within the system. (e.g. Site owner can see key risks, failing controls, audit actions and any escalations, upcoming due items)

    Continuum GRC has native functionality for providing several system indications, dashboards, logic notifications and reports that are all role based assigned.

    Comprehensive executive level reporting/trending which can be used to present at senior Risk Committee, Audit Committee (e.g. enterprise level risk reporting)

    Continuum GRC has native functionality for displaying executive dashboards, summary reports, summary notifications and a plethora more.

    Dynamic dashboard and report of controls by logical grouping (e.g. site/entity/IT application/control framework) showing current status - (e.g. effective, ineffective, overdue) and % compliance (essentially an on demand status assessment)

    Continuum GRC has native functionality for an Entity which is a grouping of resources and users that may be many layers and many separations.

    Capability to manage enterprise/site/function Business Continuity Management

    Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using integrated form builder drag-n-drop ease.

    Capability to manage enterprise Crisis Management

    Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using integrated form builder drag-n-drop ease.

    Capability to manage enterprise HSE (Health Safety Executive)

    Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using integrated form builder drag-n-drop ease.

    Capability to manage enterprise ESG (environment sustainability governance)

    Continuum GRC has native functionality for any framework. We provide many pre-configured modules in our inventory. We also support all others including proprietary ones. This requirement may be easily created using integrated form builder drag-n-drop ease.

    The Integrated Risk Management System shall be DFARS, NIST 800-171 and FedRAMP moderate compliant.

    The Continuum GRC FedRAMP Authorized Package ID is FR1915750265 and contains additional information regarding our data retention and preservation implementations. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.

    The Integrated Risk Management System shall integrate with the Company CMDB.

    Easily import external data sources through our patent pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities which suit most data transactions between external systems, legacy systems, and even raw inputs.

    The Integrated Risk Management System shall have the ability to provide risk reporting dashboard.

    Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.

    The Integrated Risk Management System shall integrate with security appliances and software / Sensors to support validation of controls or firewall rules etc. (e.g. Splunk / Nessus).

    Easily import external data sources through our patent pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities which suit most data transactions between external systems, legacy systems, and even raw inputs.

    The Integrated Risk Management System shall have the ability to track and manage risks and opportunities.

    The Continuum GRC SaaS solution provides the Status Indicator report feature allowing for easy progress reporting. Ability to export documents. The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators and other tools address this requirement.

    The Integrated Risk Management System shall provide the capability for fields/forms to be edited on an as needed basis to stay consistent with the risk/opportunity process.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards. Continuum GRC has native functionality for certain bulk actions. More information is needed to better define this requirement.

    The Integrated Risk Management System shall allow for changes to the workflows without needing changes to underlying systems and platforms. (high agility for updating and changing workflows on the fly)

    The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can be as simple as Approval-Deny by designated examiners, to hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity. The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    The Integrated Risk Management System shall have the ability to export from the tool to Excel.

    The Continuum GRC SaaS solution has native reporting outputs that include Word, Excel, PDF, CSV and text formats all of which are easily updated.

    The Integrated Risk Management System shall have the ability to ingest MBSE data from Cameo Systems Modeler (or other like SysML tool) by uploading or plugin.

    Easily import external data sources through our patent pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities which suit most data transactions between external systems, legacy systems, and even raw inputs.

    The Integrated Risk Management System shall support programmatic authorization of systems.

    Evaluation of controls utilizes the Status Indicator feature updating real-time dashboards and workflows.

    The Integrated Risk Management System shall support continuous monitoring and authorization for authorized systems.

    Continuum GRC has native functionality for scheduled and on-demand reporting, and hundreds of real-time dashboards are available.

    The Integrated Risk Management System shall enable users to complete System Security Plan information.

    Continuum GRC has native functionality for users to create, update, and maintain system security plan documentation.

    The Integrated Risk Management System shall offer a wizard-like way to assist in completing System Security Plans and evaluate security controls.

    Utilize Continuum GRC's patent-pending A.ITAM feature to provide user prompts accelerating the technical writing and document production of documents such as the SSP. Evaluation of controls utilizes the Status Indicator feature updating real-time dashboards and workflows.

    The Integrated Risk Management System shall offer users context-sensitive prompts based on system architecture to create better statements when authoring System Security Plans.

    Utilize Continuum GRC's patent-pending A.ITAM feature to provide user prompts accelerating the technical writing and document production of documents such as the SSP.

    The Integrated Risk Management System shall provide users with recommended technical solutions for meeting controls.

    The Continuum GRC solution has the capability to provide predetermined helper text and citations. The entry points are through form element helper text parameters, form logic responses, and integrations from external systems.

    The Integrated Risk Management System shall automatically update Common Controls in System Security Plans when the parent control is updated.

    Continuum GRC has native functionality for auto mapping between frameworks in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto mapping between frameworks and forms.

    The Integrated Risk Management System shall automatically provide an assessment of controls entered by users.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.

    The Integrated Risk Management System shall provide notifications to users to complete documentation.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability.

    The IRM system shall support controls inheritance and allow creation of a hierarchy to enable consistent inheritance.

    Continuum GRC has native functionality for auto mapping between frameworks to include control inheritance in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto mapping between frameworks and forms.

    The IRM System shall provide version control as well as track changes for documents, artifacts, and all other objects where possible.

    The Continuum GRC SaaS solution provides a versioning feature that would allow for the segregation of report versions easily. Additionally, the Status Indicator report allows for separate reporting on all versions of the project report.

    The Integrated Risk Management System shall allow for creation of Plans of Actions and Milestones (POAMs) for each registered environment.

    The Continuum GRC solution has the native capability to create and manage the customary two-tabbed spreadsheet POA&M report and manage it within the POA&M module.

    The Integrated Risk Management System shall allow for automated tracking of Plans of Actions and Milestones (POAMs) for each registered environment.

    The Continuum GRC solution has the native capability to create and manage the customary two-tabbed spreadsheet POA&M report and manage it within the POA&M module.

    Notifications sent by the Integrated Risk Management System shall be tunable in terms of frequency, message format, and which events trigger a notification.

    The solution must provide clear and easy-to-understand built-in reports that will add value to the incident response process. Create workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Environments onboarded in the Integrated Risk Management System shall display the associated vendor assessments for products used in the environment.

    Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations.

    The IRM System shall provide SSP document generation for delivery to third parties, including in OSCAL format

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a Blockchain Cryptographic Chain-of-Custody Evidence Management capability that associates system documents and all files in the system with a specific system user. All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features. The Template Manager allows for rich-text document creation and management capabilities for Rapid Document Generation, Digital Signatures, Change Detection Indicators, OSCAL, Multipart Excel, Word, CSV Spreadsheet, PDF, and TXT Document Output (POA&M, SSP, etc.).

    The IRM system shall have a progressive system to assist each role within a given workflow to complete that role's identified responsibilities and inputs.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.

    The IRM System shall be performant and load each web page in under 3 seconds.

    The Continuum GRC solution is robust and generally conforms to this; however, the volume of data selected, as well as the end user's network speed and endpoint processing power, will impact page load times. The latter two are the responsibility of the end user.

    The IRM System shall support Company personnel developing and maintaining workflows.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    The IRM system shall integrate the Company CMDB and display Configuration Items (CIs) associated with an environment inside the IRM system.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Those solution providers that utilize proprietary API requirements will require that Continuum GRC create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Utilization of Continuum GRC OpenAPI connections takes minutes to define the connection parameters in our easy-to-use questionnaire forms.

    The IRM system shall integrate with the IT Service Management platform for ticket creation in the ITSM, including firewall requests, hardware requests, and IP address requests.

    The Continuum GRC SaaS solution's projects, forms, questionnaires, datasets, evidentiary files, reports, and records all have unique identifiers. Additionally, the Record ID feature is a ticketing system feature allowing for unique identifiers for ticketing purposes.

    The IRM system shall integrate with the IT Service Management platform for the ability to create objects such as environments in the IRM system.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Those solution providers that utilize proprietary API requirements will require that Continuum GRC create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Utilization of Continuum GRC OpenAPI connections takes minutes to define the connection parameters in our easy-to-use questionnaire forms.

    The IRM system shall integrate with the IT Service Management platform for the ability to initiate a decommission based on a ticket entered in the ITSM.

    The Continuum GRC SaaS solution's projects, forms, questionnaires, datasets, evidentiary files, reports, and records all have unique identifiers. Additionally, the Record ID feature is a ticketing system feature with unique identifiers for ticketing purposes.

    The Integrated Risk Management System shall integrate with the Contracts Management System in order to get notification when an environment/contract is no longer used.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that use proprietary APIs will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for a Continuum GRC OpenAPI connection takes minutes in our easy-to-use questionnaire forms.

    The Integrated Risk Management System shall integrate with the "IRAD data" in order to get notification when an IRAD environment is no longer used.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that use proprietary APIs will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for a Continuum GRC OpenAPI connection takes minutes in our easy-to-use questionnaire forms.

    The Integrated Risk Management System shall be able to decommission an environment from information received from integration with CMDB, Contracts, and IRAD systems.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that use proprietary APIs will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for a Continuum GRC OpenAPI connection takes minutes in our easy-to-use questionnaire forms.

    The IRM System shall have Analytics to take actions when sensors (i.e., Splunk, Nessus, etc.) indicate non-compliance with controls.

    Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, which give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations.

    The Integrated Risk Management System shall automate the DER questionnaire so when designated questions have "undesirable" responses a POAM?/risk? will be automatically created.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    The Integrated Risk Management System must provide the ability to create a risk register that includes a description of risks and maps them to controls, owners, remediation actions, suppliers, etc.

    Continuum GRC has native functionality for auto-mapping between control requirements, including status and risk.

    The Integrated Risk Management System must offer pre-built question sets/templates, e.g., NIST 800-171, NIST 800-53, ISO 27002, etc.

    Continuum GRC has auto-mapped the world's standards and frameworks seamlessly together. These are the most requested modules, but certainly not our entire inventory. FedRAMP, StateRAMP, EUCS, PCI ROC & SAQ, SSAE 18 SOC 1, & SOC 2, CONMON, POA&M, CSF, CJIS, DFARS NIST 800-171, CMMC, C5, ISO 27001, 27005, 27017, 27018, 17020, 17021, 17025, 17065, HIPAA NIST 800-66, NIST 800-53, NERC CIP & 693, COSO, SEC, NFA, & FINRA, CIS, CTPAT, Cyber Essentials, FDA 21, FIPS 199, NIST 800-30, NIST 800-37, COSO ERM, Third-Party Risk Assessments, Vendor Risk Assessments, Physical Security Risk Assessments, Site Visit Risk Assessments, GDPR, CCPA, DPIA and more. The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    The Integrated Risk Management System must have the capability to build custom risk assessment questionnaires.

    The Continuum GRC SaaS solution provides a drag-and-drop easy form builder tool to completely customize any form, questionnaire, or module.

    The Integrated Risk Management System must have the capability to export completed risk assessment questionnaires in Microsoft Excel format.

    All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features.

    The Integrated Risk Management System must include capabilities to identify, classify, monitor, and recommend cyber risk mitigation.

    Continuum GRC has native functionality for displaying risk scores and heatmap-style dashboards, making it easy to focus on risk priorities.

    The Integrated Risk Management System must have the ability to auto-generate risks based on questionnaire responses.

    Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, which give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations.

    The Integrated Risk Management System must be able to route findings and tasks to appropriate personnel, who can respond by completing remediation tasks or logging exception requests that identify effective compensating controls.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    The Integrated Risk Management System must offer automation of workflow, risk-based scoping, data collection, assessment scoring, findings generation and notifications.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, which give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations.

    The Integrated Risk Management System must include questionnaire logic capability, i.e., the ability to create conditional questions based on previous responses.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    The Integrated Risk Management System must provide the ability to assess the effectiveness of supplier security controls and carry out ongoing monitoring of supplier risks.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS. Leverage homegrown or our current Third-Party Risk Assessments, Vendor Risk Assessments, Physical Security Risk Assessments, Site Visit Risk Assessments, DPIA and more.

    The Integrated Risk Management System must have the capability to automatically reissue periodic assessments of Company internal systems and suppliers.

    Continuum GRC has native functionality for workflows, notification logic, and schedulers. Continuum GRC also has native functionality for scheduled and on-demand reporting, and hundreds of real-time dashboards are available.

    The Integrated Risk Management System must be able to store and document supplier due diligence and remediation activities, i.e. it must be able to associate findings and associated remediation to a supplier, and the system shall facilitate remediation tracking.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS. Leverage homegrown or our current Third-Party Risk Assessments, Vendor Risk Assessments, Physical Security Risk Assessments, Site Visit Risk Assessments, DPIA and more.

    The Integrated Risk Management System must provide for ad-hoc reporting to classify and categorize suppliers, e.g. high risk suppliers, etc.

    Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, which give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations.

    The Integrated Risk Management System must enable users to create and track remediation plans against each supplier along with due dates for those plans to be completed.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Continuum GRC has native functionality for a multitude of workflow triggers to notify, schedule, update, and more.

    The Integrated Risk Management System must offer out-of-the-box, ad-hoc reporting that doesn’t require custom coding.

    The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity of reporting, all without the need for custom coding.

    The Integrated Risk Management System must have the ability to report assessment results and remediation activities to senior management and regulators through real-time status and results dashboards.

    Continuum GRC has native functionality for providing several system indications, dashboards, logic notifications, and reports that are all assigned by role.

    The Integrated Risk Management Solution must provide key risk reporting components, i.e. the ability to report on inherent risk levels, residual risk levels, etc.

    Continuum GRC has native functionality for the creation of any type of form. Our Risk Registry module accomplishes this, but may also be modified without coding.

    The Integrated Risk Management Solution must have the capability to produce risk assessment reports in both Microsoft Word and PDF formats.

    All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features.

    The Integrated Risk Management System shall provide a new risk form with the following fields: Risk ID (automatically generate), Risk name (required), Risk category, Program ID, Risk Statement (required), Impact Statement (required), Risk Notes.

    The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.

    The Integrated Risk Management System shall have a Risk Tier assigned by the Risk Author when opening the risk.

    The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

    The Integrated Risk Management System shall require an ELT member be assigned as the Risk Owner when a Risk Tier equals Tier 1 or Tier 2.

    The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

    The Integrated Risk Management System shall require a Risk POC be assigned when a Risk Tier equals Tier 1 or Tier 2.

    The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

    Risk details: The Integrated Risk Management System shall include urgency, time to close, group owner, risk owner.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.

    The Integrated Risk Management System shall provide Risk Urgency options of Immediate, Near Term or Long Term to be selected.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.

    The Integrated Risk Management System shall set the Risk Status for a new risk to "Open-Mitigation In Progress".

    The Continuum GRC FedRAMP Authorized SaaS solution has native functionality to establish any type of selection criteria using our easy-to-use, drag-n-drop form creation tooling to satisfy this requirement.

    The Integrated Risk Management System shall require Risk Tier to be selected from Tier 1, Tier 2, or Tier 3.

    The Continuum GRC FedRAMP Authorized SaaS solution has native functionality to establish any type of selection criteria using our easy-to-use, drag-n-drop form creation tooling to satisfy this requirement.

    The Integrated Risk Management System shall calculate the Risk Level by using the risk likelihood multiplied by risk impact to get the overall risk score.

    Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting.

    The Integrated Risk Management System shall require a risk to have a minimum of one (1) item in the Mitigation Plan.

    The Continuum GRC FedRAMP Authorized SaaS solution has native functionality to establish any type of selection criteria using our easy-to-use, drag-n-drop form creation tooling to satisfy this requirement.

    The Integrated Risk Management System shall decrease the Risk Score each time a Mitigation Plan action is completed.

    Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting.

    The Integrated Risk Management System shall decrease the Risk Score by the Post Mitigation Risk Level value associated with each mitigation action each time a mitigation is completed/closed.

    Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting.

    The Integrated Risk Management System shall require a minimum of one mitigation action for each risk.

    The Continuum GRC FedRAMP Authorized SaaS solution has native functionality to establish any type of selection criteria using our easy-to-use, drag-n-drop form creation tooling to satisfy this requirement.

    Mitigation Plan shall require an owner, description, status, projected start/end date, baseline start/end date for each risk mitigation, and post mitigation risk level.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability.

    The Integrated Risk Management System shall record change history in date/time stamp for each field.

    The Continuum GRC SaaS solution has a central records management feature allowing for management, versioning, and restoration if needed.

    The Integrated Risk Management System shall allow for an active risk to be modified by the Risk POC.

    Continuum GRC has native functionality for logic-driven forms, scores, and workflows to be established by the site Admin. Delegated respondents are able to modify risk or compliance status selections that trigger automated updates to scores, reports, and dashboards in real time.

    The Integrated Risk Management System shall allow for a mitigation to be modified by the Risk POC or Mitigation Owner.

    Continuum GRC has native functionality for logic-driven forms, scores, and workflows to be established by the site Admin. Delegated respondents are able to modify risk or compliance status selections that trigger automated updates to scores, reports, and dashboards in real time.

    The Integrated Risk Management System shall provide a change history for every field with date/time/author stamp of each change.

    The Continuum GRC SaaS solution has a central records management feature allowing for management, versioning, and restoration if needed.

    The Integrated Risk Management System shall provide a form for new Opportunity entry to capture Opportunity Name (required), Opportunity Category (required), Program ID, Opportunity Statement, Impact Statement, Opportunity Notes, and Create Date (required, auto populated with date when opp is submitted).

    The Continuum GRC FedRAMP Authorized SaaS solution has native functionality to establish any type of selection criteria using our easy-to-use, drag-n-drop form creation tooling to satisfy this requirement.

    When a new opportunity is being entered, the Integrated Risk Management System shall capture Details, and Opportunity Level. Opportunity Urgency, Impact Date, Impact Event, Opp Closure Date, Opp Closure Event, Group (required), Functional Team, Opportunity Owner (required), Originator, Review Date, WBS Element, Critical Path checkbox (required).

    The Continuum GRC FedRAMP Authorized SaaS solution has native functionality to establish any type of selection criteria using our easy-to-use, drag-n-drop form creation tooling to satisfy this requirement.

    The Integrated Risk Management System shall have the ability to create cyber supply chain risk management questionnaires.

    The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.

    The Integrated Risk Management System shall have the ability to create a new risk based on supplier responses in the cyber supply chain risk management questionnaire.

    Continuum GRC has native functionality for logic-driven forms, scores, and workflows to be established by the site Admin. Use our form logic to create intuitive response-driven forms, reports, and dashboards.

    The Integrated Risk Management System shall autoflag a supplier when a questionnaire/checklist will expire within a configurable interval timeframe.

    Continuum GRC has native functionality for workflows, notification logic, and schedulers.

    When a supplier questionnaire/checklist needs to be updated, the Integrated Risk Management System shall provide a notification to Supplier POC in a configurable interval.

    Continuum GRC has native functionality for workflows, notification logic, and schedulers.

    The Integrated Risk Management System shall provide a notification within a configurable interval when a supplier has not resolved a POAM.

    Continuum GRC has native functionality for workflows, notification logic, and schedulers.

    The Integrated Risk Management System shall provide a notification within a configurable interval to the supplier POC when a supplier requires a refresh.

    Continuum GRC has native functionality for scheduled and on-demand reporting, and hundreds of real-time dashboards are available.

    The Integrated Risk Management System shall automatically remove a supplier when a supplier questionnaire/checklist has not been updated within a configurable interval after the expiration date.

    Continuum GRC has native functionality for form availability scheduling that will close off access for responsible parties using simple date-driven rules.

    The IRM System shall support Company personnel developing and maintaining workflows as it relates to IT disaster recovery workflows/processes.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    The Integrated Risk Management Solution shall have integrated tooling that provides a risk assessment score of third party suppliers and software products built off of industry best practice criteria (Reporting/Verification/Validation of external 3rd party (nth party) suppliers with compliance/monitoring/real-time alert capability)

    Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, which give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations.

    The Integrated Risk Management Solution shall have capability to ingest data from all data sources including Splunk, Environment Risk, CIOC, OneTrust, and other systems to provide adequate executive dashboard reporting and automated trend reporting and risk management.

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that use proprietary APIs will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for a Continuum GRC OpenAPI connection takes minutes in our easy-to-use questionnaire forms.

    The Integrated Risk Management Solution shall have integrated tooling that checks/validates system compliance policies and reports on noncompliance.

    Continuum GRC has native functionality that provides response and input automation for alerting and displaying compliance status, risk scoring, and assessor validation status.

    Will the solution ensure real-time data synchronization across platforms (e.g. ServiceNow, CMDB)?

    The Continuum GRC solution's integrations support both schedule-driven and real-time data exchanges with authorized systems.

    Will the solution provide the ability to author, store, and communicate CIS Compliance and Governance policies and additionally be able to map the sections of policies to regulations and industry standards?

    Continuum GRC has native functionality for auto-mapping between frameworks in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto-mapping between frameworks and forms. Continuum GRC has native functionality for auto-mapping between control requirements, including status and risk.

    Will the solution provide corporate obligations management?

    Continuum GRC has native functionality for all types of responsibility delegations, reporting, and dashboarding. Additionally, our drag-n-drop form builder tooling makes it easy to adapt forms to any requirement.

    Including documenting external obligations to the company and managing compliance, legal and regulatory change management?

    Continuum GRC has native functionality for all types of responsibility delegations, reporting, and dashboarding. Additionally, our drag-n-drop form builder tooling makes it easy to adapt forms to any requirement.

    Including international compliance, legal and regulatory obligations?

    Continuum GRC has native functionality for all types of responsibility delegations, reporting, and dashboarding. Additionally, our drag-n-drop form builder tooling makes it easy to adapt forms to any requirement.

    Will the solution provide audit planning and quality functions to facilitate Compliance audit engagements and workpaper management for audit planning processes to ensure the audit program is managed effectively and meeting business requirements?

    The Continuum GRC SaaS solution is designed to facilitate large audit groups, large datasets with any variety of form fields, audit templates and any other form of bespoke requirement requiring form-driven assessments. Continuum GRC has native functionality as a form-driven system. Every form, regardless of whether it is from our inventory or designed by the site admin, has the capability to capture this requirement.

    Will the solution provide the ability to identify and track at the program (business unit project and programs for the customer) level vulnerabilities across enterprise-level initiatives and at the system level to identify and track system-specific vulnerabilities?

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides familiar form-questionnaire-module style inputs for the collection, maintenance, management, and analysis of risk assessment datasets. Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations.

    Will the solution provide sub-contractor and Supplier Compliance and Governance capability to inventory all Sub-contractors and Suppliers?

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides familiar form-questionnaire-module style inputs for the collection, maintenance, management, and analysis of risk assessment datasets. Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps. Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations.

    Include the capability so contacts can be documented and accountability for relationships can be established by named individual and by the business units that own the relationship?

    The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

    Will the solution provide Compliance and Governance risk and performance information so it can be rolled-up across all products and services delivered and depicted in aggregate?

    The Continuum GRC SaaS solution provides a patent-pending feature referred to as Nested Entities, which allows for the cross-entity or cross-dataset viewing and reporting of projects.

    Will the solution provide controls assurance program management, which includes documentation of the control universe and the ability to manually assess and report on the performance of controls at the business hierarchy and process level?

    The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators and other tools address this requirement.

    Will the solution provide data governance that is designed to provide a framework to help organizations identify, manage, and implement appropriate controls around sensitive data processing activities?

    The Continuum GRC SaaS solution provides an easy drag-and-drop form builder tool to completely customize any form, questionnaire, or module. The Status Indicator feature automatically changes visually to alert reviewers of any change that may have occurred after a review.

    Will the solution provide privacy management to enable group processing activities for the purposes of performing data protection impact assessments and tracking regulatory and data breach communications with data protection authorities?

    The Continuum GRC SaaS solution provides a patent-pending feature referred to as Nested Entities, which allows for the cross-entity or cross-dataset viewing and reporting of projects.

    Will the solution provide controls monitoring management that is built upon the foundation established with GRC?

    The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. The Status Indicator report allows for dashboards and a variety of change reports.

    Will the solution provide the ability to define and manage separate Compliance and Governance projects, assess and report on the performance of controls across all Enterprise asset levels including technical infrastructure, and the ability to automate control assessment and monitoring continuously?

    The Continuum GRC SaaS solution provides a patent-pending feature referred to as Nested Entities, which allows for the cross-entity or cross-dataset viewing and reporting of projects.

    Will the solution provide continuous monitoring to allow the organization to poll many types of scanners and sensors to build an aggregate risk view at any level of the enterprise?

    Continuum GRC has native functionality for scheduled and on-demand reporting; hundreds of real-time dashboards are available.

    At the lowest end, will the solution allow individual defects to be monitored and scored?

    Continuum GRC has native functionality for displaying risk across many entities, areas, or other grouping-based display requirements.

    Will the solution aggregate defects per device?

    The Continuum GRC SaaS solution provides a patent-pending feature referred to as Nested Entities, which allows for the cross-entity or cross-dataset viewing and reporting of projects.

    Will the solution aggregate devices into information systems?

    The Continuum GRC SaaS solution provides a patent-pending feature referred to as Nested Entities, which allows for the cross-entity or cross-dataset viewing and reporting of projects.

    Will the solution identify information systems that belong to component offices, then agencies, then departments?

    The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.

    Will the solution provide a risk score that can be designated at any layer in the hierarchy and the amount of relative risk introduced by any device can be measured?

    Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting. Continuum GRC has native functionality for scoring a single element within a range of -999 up to 999 with color palette assignments based on score.

    Will the solution provide DER (Design Engagement Reviews) assessments and authorization to allow assessment and authorization of information systems before they go into production to ensure they are operating at an acceptable level of risk?

    Testing systems may be included in your Continuum GRC solution.

    Will the solution provide risk management including a risk register to catalog CIS Compliance and Governance risks, pre-built CIS Compliance and Governance Risk Assessments for IT, Threat Assessment, Control Procedures to catalog IT controls, and the Business Infrastructure and IT asset catalogs to support CIS Compliance and Governance risk management?

    Continuum GRC has native functionality for the creation of any type of form. Our Risk Registry module accomplishes this, but may also be modified without coding.

    Will the solution provide cyber incident & breach response to establish business context to drive CIS Compliance and Governance participation in incident prioritization and implement processes designed to escalate, investigate, and resolve and report declared incidents effectively?

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    UI/UX Design with USWDS Compliance

    Continuum GRC uses the U.S. Web Design System (USWDS) maturity model to deliver a great digital experience and to be in compliance with the website standards of the Technology Transformation Services of the General Services Administration.

    Inclusive Design/Accessibility/Section 508 Compliance

    The Continuum GRC SaaS solution provides excellent 508 compliance. There are no known limitations with this requirement. Our VPAT 2.5 report is excellent.

    Simultaneous Display

    The Continuum GRC SaaS solution allows for simultaneous display of documentation, artifacts, and materials displayed concurrently across multiple browser tabs or windows by a single user.

    Embedded Rendering and Display

    The Continuum GRC SaaS solution allows for the embedded rendering and display of artifacts in common formats such as JPG, PNG, GIF, BMP, TIF, WEBP, SVG, DOC/DOCX, ODT, XLS/XLSX, ODS, PPT/PPTX, ODP, TXT, and PDF within the solution's file viewer feature, without downloading or use of external tooling, helping to prevent data leakage.

    Comment on Each Component

    The Continuum GRC SaaS solution allows for the review of OSCAL security authorization documents and commenting on each component (e.g. individual security controls, services, or system component) of the documentation.

    Concurrent Data & Document Access

    The Continuum GRC SaaS solution allows for access to documentation and data to facilitate concurrent editing, commenting and viewing by multiple users. Additionally, using our socket technology, users will not overwrite each other’s work, and other users have real-time visibility into the activities of the first user.

    Communication

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.

    Knowledge Base

    The Continuum GRC SaaS solution allows for the ability to generate and develop knowledge base articles based on common challenges experienced by users or deliverables that are like ticketing functionality. Integral RBAC views of knowledge base articles, supporting self-remediation of issues, are native functionality. Additionally, Continuum GRC’s company site provides an FAQ as an alternative.

    Role-Based Reviews/Assignments

    Continuum GRC has native functionality for role-based delegation to all system resources.

    Feedback to CSP

    The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the solution are features such as the Action ITAM designed for workflow questions, requests, comments, project notes, suspense dates, accountability reporting and other powerful features to satisfy this requirement.

    Reporting Capabilities

    1. Ability to generate a consolidation of review notes as a summary sheet to provide to external stakeholder (CSP) during follow up meetings.

    The ACTION ITAM report is designed for this requirement.

    2. Ability to track and automate metrics (i.e. time in motion, task specific time tracking, number of handoffs with CSP, remediation timeline, most frequent errors).

    Task scheduling and task timing are native functionality. Also, the ACTION ITAM report is designed for this requirement.

    3. Ability to track package progress (e.g. schedule, performance, etc.).

    The Status Indicator is native functionality designed for this purpose.

    4. Ability to track and access previous versions of a package and identify changes between versions.

    Versioning is native functionality, but side-by-side version comparison is not current functionality.

    5. Ability to facilitate and track updates by external stakeholders.

    The ACTION ITAM report is designed for this requirement. Also, the Status Indicator and form logic features improve change tracking.

    6. Ability to convert diagrams to PDFs and search keywords within them.

    Report conversion to PDF is native functionality.

    7. Ability to generate a dashboard to report on a single or all package statuses.

    The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity of reporting options.

    8. Ability to define and track key risk indicators (KRI) at multiple levels of visibility and access granularity.

    Continuum GRC has native functionality for displaying these metrics in dashboards and report outputs.

    Notifications and Alerts

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Defects from prior reporting periods

    The Continuum GRC SaaS solution has a central records management feature allowing for management, versioning, and restoration if needed. Additionally, custom reporting forms may be created for addressing this requirement.

    Triggers

    Once the automated integration inputs data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over. System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards, keeping users informed and up to date.

    Upload Capability

    The Continuum GRC SaaS solution has a central document management feature allowing for common file management capabilities. This upload, update, replace or delete capability is also integral to the File Upload form element in all modules, whether existing or custom.

    Authentication

    The Continuum GRC SaaS solution requires multi-factor authentication. Additionally, our SAML integration feature allows for the connection to internal or external SP-IDP systems that support CAC PIV, SSO, AD and any SAML-compliant solution to other authentication management systems.

    Role-Based Access Control

    The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project or resources in the system. Continuum GRC has native functionality for role-based access and delegations.

    API Designer

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.

    API Configuration Management

    Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require that Continuum GRC create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for Continuum GRC OpenAPI connections takes minutes in our easy-to-use questionnaire forms.

    Query Endpoints

    The Continuum GRC SaaS solution allows data to be fetched from defined endpoints through a variety of API-driven connections. Once fetched, the site administrator will decide what processes, forms, and automations should be applied to derive value from that raw data.

    Metadata

    The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers. Additionally, native document functionality allows for the inclusion of metadata which is supported by the file management capabilities of the system.

    Data Operations

    The Continuum GRC SaaS solution allows for the processes and activities performed on data to manipulate, analyze, transform, store, retrieve, and manage it effectively. These operations can include data entry, validation, cleaning, transformation, integration, aggregation, querying, reporting, and visualization, among others, to ensure that data is accurate, consistent, and accessible for decision-making and analysis purposes, creating value from data by making it useful and meaningful for organizations and individuals.

    Machine Learning Endpoints

    Utilize Continuum GRC's patent-pending A.ITAM feature to provide user prompts that accelerate the technical writing and production of documents such as the SSP.

    Notifications and Alerts

    The Continuum GRC SaaS solution provides native functionality for notification triggers, rules and workflow events, which are defined by administrators. System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards, keeping users informed and up to date.

    Webhook Capability

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.

    Data Management

    The Continuum GRC SaaS solution allows for the management of large datasets and file artifacts inside the solution, negating the need for external repositories. The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system.

    Dashboards

    Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.

    Auditing/Logs

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting and audit logging features, all of which may be sent to external integrated applications. The Continuum GRC SaaS solution maintains real-time audit logs on all users to be analyzed as needed by administrators and examiners. These reports may also be exported for further analysis. No one has the ability to alter these records.

    Documentation and Version Control

    The Continuum GRC SaaS solution provides a full-featured file attachment management system. Utilizing versioning, archiving, and duplication, the ability to retain or recover attachments is native functionality. The solution provides a data retention feature to automatically purge datasets on a fixed schedule if needed. There is also a system recycling feature that allows for the full restoration of project data and attachments for up to 30 days.

    Software Development Kit (SDK)

    The Continuum GRC SaaS solution allows for the creation of an infinite variety of modules, reports, workflows, and integrations. The OpenAPI compliance of the system supplants the need for an SDK.

    Application Programming Interface

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.

    Integration and Technical Capabilities

    The Continuum GRC solution's integrations support both schedule-driven and real-time data exchanges with authorized systems.

    Version Control

    The Continuum GRC SaaS solution provides a versioning feature that would allow for the segregation of report versions easily. Additionally, the Status Indicator report allows for separate reporting on all versions of the project report.

    Correlating Data

    The Continuum GRC SaaS solution allows for the cross examination of this generic requirement primarily through dynamic real-time dashboards.

    Automated Document Generation

    All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features. The Template Manager allows for rich-text document creation and management capabilities for Rapid Document Generation, Digital Signatures, Change Detection Indicators, OSCAL, Multipart Excel, Word, CSV Spreadsheet, PDF, and TXT Document Output (POA&M, SSP, etc.).

    Validation from Authoritative Sources

    Continuum GRC has native functionality that provides response and input automation for alerting and displaying compliance status, risk scoring, and assessor validation status.

    Centralized Artifact Management

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a Blockchain Cryptographic Chain-of-Custody Evidence Management capability that associates system documents and all files in the system with a specific system user.

    Document Store Storage

    The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system.

    Data Catalog

    Continuum GRC has native functionality for the creation of any type of form. Once data populates the modules in the system, cataloging is possible as defined by the system administrator.

    Data Pipeline

    Continuum GRC allows for raw data to be ingested from various data sources and then ported to a data store, such as a data lake or data warehouse, for analysis.

    Document Centric Repository

    The Continuum GRC SaaS solution has a central document management feature allowing for full document management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system.

    Query Endpoints

    The Continuum GRC SaaS solution allows data to be fetched from defined endpoints through a variety of API-driven connections. Once fetched, the site administrator will decide what processes, forms, and automations should be applied to derive value from that raw data.

    Analytical and Statistical Function Endpoints

    The Continuum GRC SaaS solution allows data to be fetched from or pushed to defined endpoints through a variety of API-driven connections. Once processed, the site administrator will decide what workflows, forms, and automations should be applied to derive value from that raw data.

    Machine Learning Endpoints

    Utilize Continuum GRC's patent-pending A.ITAM feature to provide user prompts that accelerate the technical writing and production of documents such as the SSP. Evaluation of controls utilizes the Status Indicator feature, updating real-time dashboards and workflows. Additionally, through our integration capability to external Machine Learning Operations applications, the end-to-end process and infrastructure for developing, deploying, monitoring, and managing machine learning models in production environments is available.

    Dashboarding & Visualizations

    Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.

    Cross resource analytics

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting features, all of which may be sent to external integrated applications. Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level. Our patent-pending Nested Entities and Crossview risk heatmaps give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations, all from within the Continuum GRC SaaS. Analyze automatic scorecards, calculations, real-time dashboards, cross-dataset reporting, and analysis views.

    Unified Data Analytics & MLOps Pipeline Requirements

    Utilize Continuum GRC's patent-pending A.ITAM feature to provide user prompts that accelerate the technical writing and production of documents such as the SSP. Evaluation of controls utilizes the Status Indicator feature, updating real-time dashboards and workflows. Additionally, through our integration capability to external Machine Learning Operations applications, the end-to-end process and infrastructure for developing, deploying, monitoring, and managing machine learning models in production environments is available.

    Custom Validators

    The Continuum GRC solution allows for system administrators to determine what custom validations occur through the drag-n-drop module creation tooling.

    Creation of Validators

    The Continuum GRC solution allows for system administrators to determine what custom validations occur through the drag-n-drop module creation tooling.

    Create and Manage Actions

    The Continuum GRC solution allows system administrators to determine what custom form logic actions are required, and Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    Configurable Workflow

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    Time-Driven Events and Scheduling

    Continuum GRC includes native functionality for workflows, notification logic, and schedulers. Task scheduling and task timing are native functionality. Also, the ACTION ITAM report is designed for this requirement.

    FedRAMP Workflow Process

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    Customized FedRAMP workflow

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.

    Custom Validators, Alerts, Notifications

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Triggering Workflows

    Once the automated integration inputs data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over. System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards, keeping users informed and up to date.

    Automated Notification

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Automated Workflow and Actions/Approvals

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Reporting/Status Visibility

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features, which make it easy to identify and document exceptions, assign them to one or more responsible users, and notify all assigned and responsible parties. Exceptions are displayed through user-specific Priority Dashboards, consolidated team Action ITAM reports, and Status Indicator reports, making it easy to identify priorities and accountability. Go even further with our patent-pending Nested Entities and Crossview risk heatmaps, which give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations, all from within the Continuum GRC SaaS.

    Collaboration Capabilities

    The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the system is an anti-collision capability, built on our socket technology, that prevents users from “stepping on each other’s toes”. Other users can see in real time who is updating a form field and when they have finished.

    Review/Recommender Guidance

    The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations.

    Alerting and Notification

    Create alert-driven workflows with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Inherited Security Controls

    Continuum GRC has native functionality for auto mapping between frameworks to include control inheritance in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto mapping between frameworks and forms.

    Multiple Level Inheritance

    Continuum GRC has native functionality for auto mapping between frameworks to include control inheritance in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto mapping between frameworks and forms.

    Automatically Categorize Systems

    The Continuum GRC administrator may design modules that automatically score and categorize depending on the requirement needed. Form logic adds show-hide-skip capabilities that administrators can use to create intuitive and meaningful experiences for system respondents.

    Configuration Management Visibility

    The Continuum GRC administrator may design modules that automatically score and display alerts and notifications on dashboards depending on the requirement needed. Form logic adds show-hide-skip capabilities, triggered on module sections made by end users, that administrators can use to create intuitive and meaningful experiences for system respondents.

    Automatically Connect Vulnerabilities to Security Controls

    Each Continuum GRC module allows for the auto-mapping of vulnerabilities to controls. The administrator will need to determine what the relationship needs to be and then associate it with the control. Professional services are recommended to implement this native but complex requirement.

    Significant Change Request Process

    This requirement would function just like all other form-driven processes but with the specific purpose of the significant change request process. Continuum GRC has native functionality for displaying executive dashboards, summary reports, summary notifications, and much more.

    Deviation Request Process

    This requirement would function just like all other form-driven processes but with the specific purpose of the deviation request process. Continuum GRC has native functionality for displaying executive dashboards, summary reports, summary notifications, and much more.

    Automation

    Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using the integrated form builder with drag-n-drop ease.

    Decomposition of Security Controls

    All Continuum GRC modules allow for the addition, deletion, and rearrangement of security controls with drag-n-drop ease.

    Continuous Monitoring

    Continuum GRC has native functionality for scheduled and on-demand reporting, and hundreds of real-time dashboards are available.

    Annual Assessment ConMon Process

    This requirement is functionally no different from any other assessment module and workflow. Utilize workflow schedulers and form logic to stay updated and notified.

    Licensing

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a flexible licensing model that is à la carte and allows organizations to grow with the platform. Continuum GRC is a modular solution. First, select a hosting option. Organizations with Federal and/or CUI data will need FedRAMP Authorized AWS GovCloud hosting; otherwise, AWS hosting is just right. Deployment typically takes 2-24 hours for a fully operational system. Second, select the access options you need. How many administrators, examiners, users, and entity groups do you need? Provisioning these takes just minutes within the Continuum GRC Access Control portal. Finally, which modules does your organization need within the categories of Audit & Compliance Frameworks Modules, Risk Assessment & Management Modules, Governance & Policy Development Modules, and any Custom created modules? Stock inventory modules are deployed in just minutes. Custom-created modules are projects planned with an organization but typically take a few days to a week or so for most deliverables.

    User Support

    Continuum GRC standard support options include the 24/7 Online Continuum GRC Service Manager, available to all subscribers; 24/7 phone support at +1 (888) 896-6207 for Continuum GRC customer service; the 24/7 Online Continuum GRC knowledge base for all subscribers; the 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting; a 24/7 Dedicated Service Agent for all subscribers with dedicated hosting; and 24/7 Custom Service Level Agreements (SLA), available with dedicated hosting agreements, which would include a 4-hour response time if required.

    Knowledge Base Requirements

    The Continuum GRC SaaS solution allows users to generate and develop knowledge base articles based on common challenges experienced by users or deliverables that are like ticketing functionality. Integral RBAC views of knowledge base articles, which support self-remediation of issues, are native functionality. Additionally, Continuum GRC’s company site provides an FAQ as an alternative.

    Documentation on Configuration

    Continuum GRC provides detailed configuration to parties that obtain our FedRAMP package. Our Package ID is FR1915750265. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.

    Roadmap & Transparency

    Continuum GRC does not publish a roadmap to the public due to the unique intellectual property created, which would be valuable to competitors. We do, however, share our roadmap with customers who are under NDA.

    Personnel Support

    Continuum GRC provides all of the ecosystem operational support and maintenance as a regular part of customer support. Additional professional support services and administration support are available as options. Additionally, there is a 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting. Continuum GRC provides 24/7 support to customers through a variety of methods such as telephone, email, and online customer portals. There is an extensive online manual available to all users.

    Role-Based Access

    The Continuum GRC SaaS solution is a role-based system, and administrators provision access to any project or resource in the system.

    C-SCRM

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create C-SCRM workflows with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.

    Local IDP

    The Continuum GRC SaaS solution requires multi-factor authentication. Additionally, our SAML integration feature allows for the connection to internal or external SP-IDP systems that support CAC PIV, SSO, AD, and any SAML-compliant solution to other authentication management systems.

    SAML 2.0/Open ID

    The Continuum GRC SaaS solution requires multi-factor authentication. Additionally, our SAML integration feature allows for the connection to internal or external SP-IDP systems that support CAC PIV, SSO, AD, and any SAML-compliant solution to other authentication management systems.

    System of Record

    The Continuum GRC SaaS solution's projects, forms, questionnaires, datasets, evidentiary files, reports, and records all have unique identifiers. Additionally, the Record ID feature is a ticketing system feature that provides unique identifiers for ticketing purposes.

    Digital Signatures

    The Continuum GRC SaaS solution provides digital signature capabilities within the system to include any number of signatories.

    Data Repository

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a Blockchain Cryptographic Chain-of-Custody Evidence Management capability that associates system documents and all files in the system with a specific system user. Additionally, every module within Continuum GRC is designed for data entry and data management.

    Identification and Archive of Linked Resources

    Continuum GRC modules with existing linked resources remain available, as do client-introduced resources. Search capabilities provide users with identification and search tools that improve the user experience.

    Test & Evaluation Infrastructure + Product Roadmap

    Continuum GRC maintains a rolling three-year product roadmap with no End of Life defined. We are a privately owned sole-source provider and have no external debt or outside investors. We are only beholden to our customers to provide the best long-term solutions. All customers have the option of selecting separate test environments if optioned.

    Operation and Maintenance (O&M)

    Continuum GRC provides all of the ecosystem operational support and maintenance as a regular part of customer support. Additional professi

    Data Migration

    The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities. Additionally, our dynamic data import tool allows for the importation of data and automatic form-questionnaire-module creation to migrate from legacy applications into the automated power of Continuum GRC. Easily import external data sources through our patent-pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities, which suit most data transactions between external systems, legacy systems, and even raw inputs.

    Container-based Microservices

    Continuum GRC prefers Docker for this requirement. This is leveraged for improved service rollouts.

    Configuration as Code (CaC)

    Continuum GRC development involves code to automate the provisioning, configuration, and management of system resources, allowing for consistency, repeatability, and faster recovery from failures. Our practice reduces the possibility of human error in configuration management, leading to higher reliability. Additionally, since our configuration is managed as code, it is version controlled, enabling easy tracking of changes and rollback if necessary.

    Extensible Container Hosting

    Continuum GRC prefers Docker for this requirement. This is leveraged for improved service rollouts.

    Agile Methodologies

    Continuum GRC employs iterative and collaborative approaches to software development that prioritize flexibility, adaptability, and customer satisfaction. These involve breaking down the development process into smaller, manageable increments or iterations, each typically lasting a few weeks.

    SBOM

    As a FedRAMP authorized SaaS solution, Continuum GRC provides a software inventory and will continue to do so.

    OSCAL Support

    The Document Manager within the system allows for customary document and file management features. The Template Manager allows for rich-text document creation and management capabilities for Rapid Document Generation, Digital Signatures, Change Detection Indicators, OSCAL, Multipart Excel, Word, CSV Spreadsheet, PDF, and TXT Document Output (POA&M, SSP, etc.).

    Maintain OSCAL Validator

    As OSCAL validation matures, Continuum GRC will maintain our adherence to the standard. The system is currently fully compliant.

    FedRAMP Validator

    As OSCAL validation matures, Continuum GRC will maintain our adherence to the standard. The system is currently fully compliant.

    NIST OSCAL CLI

    The Template Manager allows for rich-text document creation and management capabilities without the need for crude CLI interfaces.