
We receive questions from our customers that we would like to share with you. There is no particular order so just use keywords to find answers to similar questions.
The deployment must have minor business impact, minimum operational impact, and reduced organizational coordination.
The organization will not have a deployment, operational or implementation impact. Continuum GRC is a FedRAMP Authorized SaaS solution in the GovCloud. The company is responsible for the deployment which typically takes 2-24 hours before the client may gain access to the fully functional system.
The implementation requirements include required user account creation and notification email addresses for system notifications at a minimum. Any additional integration setup for SAML SSO, MFA and any organizationally adjusted site parameters within the Continuum GRC SaaS would take minutes to define.
Vendor to demonstrate they have sound professional service resource(s), potentially through a highly capable partner.
Continuum GRC employs in-house technical service employees as well as well-trained service partners covering all aspects of our customer commitments. A few channel partners have certified installation, training, custom development, administration support and fully managed options.
Continuum GRC’s Training & Orientation offerings include online training videos and literature, online orientation videos and literature, virtual 2-Day Boot Camp options, on-site 2-Day Boot Camp options, on-demand time and materials-based consulting sessions, and Certification Options for both the (CGRCP) Continuum GRC Professional and the (CGRCA) Continuum GRC Administrator.
Ability to deploy the solution with all GRC capabilities and subscriptions within reasonable time as long as it does not compromise any of the GRC capabilities.
Continuum GRC is a FedRAMP Authorized SaaS solution in the GovCloud. The company is responsible for the deployment which typically takes 2-24 hours before the client may gain access to the fully functional system.
All governance, risk, and compliance modules are fully functional and deployed at the same time as the base system.
The product must offer a high degree of usability to support a broad spectrum of users
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides robust role-based access to the system resources allowing for the granular provisioning of risk and security assessment modules, compliance and audit modules, policy development and management features, form-questionnaire-module development tools and a plethora of other system features.
Continuum GRC forms-questionnaires-modules offer intuitive, logic-driven, customizable user experiences that are only limited by the user’s creativity.
The product should be able to provide interfaces for integration with other systems and applications
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.
Additionally, our dynamic data import tool allows for the importation and automatic form-questionnaire-module building creation to migrate from legacy applications into the automated power of Continuum GRC.
The solution to demonstrate central reporting capability can be highly customizable, scheduled, or ad-hoc.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting and audit logging features all of which may be sent to external integrated applications.
Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.
The solution must provide clear and easy-to-understand built-in reports that will add value to the incident response process.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.
The solution must provide an effective workflow engine that automates the management and distribution of task and work items and provides the ability to monitor the process.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.
The solution must provide robust document management functionality that can track changes to documents as well as who made the changes.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a Blockchain Cryptographic Chain-of-Custody Evidence Management capability that associates system documents and all files in the system with a specific system user.
All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features.
The Template Manager allows for rich-text document creation and management capabilities for Rapid Document Generation, Digital Signatures, Change Detection Indicators, OSCAL, Multipart Excel, Word, CSV Spreadsheet, PDF, and TXT Document Output (POA&M, SSP, etc.), Easy Branding and Formatting.
The solution is to demonstrate a central repository for collecting, maintaining, and analysis of risk data.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides familiar form-questionnaire-module style inputs for the collection, maintenance, management, and analysis of risk assessment datasets.
Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps.
Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting.
Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations.
The solution must provide robust support for various control frameworks (NIST CSF, NIST 800-53, etc.). The solution should be able to provide updates for these frameworks as they are made available.
Continuum GRC has auto-mapped the world's standards and frameworks seamlessly together. These are the most requested modules, but certainly not our entire inventory.
FedRAMP, StateRAMP, EUCS, PCI ROC & SAQ, SSAE 18 SOC 1, & SOC 2, CONMON, POA&M, CSF, CJIS, DFARS NIST 800-171, CMMC, C5, ISO 27001, 27005, 27017, 27018, 17020, 17021, 17025, 17065, HIPAA NIST 800-66, NIST 800-53, NERC CIP & 693, COSO, SEC, NFA, & FINRA, CIS, CTPAT, Cyber Essentials, FDA 21, FIPS 199, NIST 800-30, NIST 800-37, COSO ERM, Third-Party Risk Assessments, Vendor Risk Assessments, Physical Security Risk Assessments, Site Visit Risk Assessments, GDPR, CCPA, DPIA and more.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.
The solution must provide efficient processes and functions to collect, manage and report on exceptions to the controls identified at the agency.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability.
Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.
The solution must have a robust built-in analytics library to support reporting and analysis.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting features all of which may be sent to external integrated applications.
Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.
Our patent-pending Nested Entities and Crossview risk heatmaps give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations all from within the Continuum GRC SaaS.
Analyze automatic scorecards, calculations, real-time dashboards, cross-dataset reporting, dashboards, and analysis views.
The solution to demonstrate the ability to support customization based on end-user input.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation and customization tools that are drag-and-drop and easy to use.
System administrators are able to easily customize any form-questionnaire-module including those provided by Continuum GRC with any level of customization based on the organization’s end-user inputs.
The Continuum GRC platform was designed to provide an enormous customization capability without requiring any complex programming or professional support services.
Vendor to demonstrate the solution has the Network threat/anomaly detection capability.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides integration support to a variety of network threat/anomaly detection tools. Once the automated integration inputs this data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over.
System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards keeping users informed and up to date.
The solution should provide formal support and triage Service Level Agreement (Ideally 4 Hours).
Continuum GRC standard support options include:
- 24/7 Online Continuum GRC Service Manager is available to all subscribers.
- 24/7 Call +1 (888) 896-6207 for Continuum GRC customer service.
- 24/7 Online Continuum GRC knowledge base for all subscribers.
- 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting.
- 24/7 Dedicated Service Agent for all subscribers with dedicated hosting.
- 24/7 Custom Service Level Agreements (SLA) available with dedicated hosting agreements, which would include a 4-Hour response time if required.
Provide the ability to create custom rules for suspicious behavior of processes and network communication.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides integration support to a variety of network threat/anomaly detection tools. Once the automated integration inputs this data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over.
System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards keeping users informed and up to date.
The solution is to demonstrate they have a centralized functional, highly granular management (preferably cloud-based), and easy-to-use central management/dashboard that shows appropriate information to address different levels of requirements from technical to governance levels.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides robust role-based access to the system resources allowing for the granular provisioning of risk and security assessment modules, compliance and audit modules, governance and policy development, management features, form-questionnaire-module development tools and a plethora of other system features.
The solution is to demonstrate a flexible licensing model that addresses business requirements.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a flexible licensing model that is à la carte and allows organizations to grow with the platform. Continuum GRC is a modular solution.
First, select a hosting option. Organizations with Federal and/or CUI data will need FedRAMP Authorized AWS GovCloud hosting; otherwise, AWS hosting is just right. Deployment typically takes 2-24 hours for a fully operational system.
Second, select the access options you need. How many administrators, examiners, users, and entity groups do you need? Provisioning these takes just minutes within the Continuum GRC Access Control portal.
Finally, what modules within the categories of Audit & Compliance Frameworks Modules, Risk Assessment & Management Modules, Governance & Policy Development Modules, and any Custom created modules does your organization need? These are deployed in just minutes for stock inventory modules. Custom-created modules are projects planned with an organization but typically take a few days to a week or so for most deliverables.
The solution to demonstrate that the solution supports easy-to-manage patching and sufficient self-updating. Updates should require minimum interaction from Lab resources.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a fully managed solution that does not require an organization to maintain, patch, or upgrade its system. Continuum GRC support takes care of all updating including frameworks and inventory modules.
Organizations will maintain their own internally created modules and settings, but all other aspects of the Continuum GRC are managed by Continuum GRC.
Vendor to demonstrate that the solution requires minimum effort to develop personnel skills and expertise to maximize the GRC investment.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides an intuitive user and management interface. While Continuum GRC offers many training & orientation offerings, including online training videos and literature, online orientation videos and literature, virtual 2-Day Boot Camp options, on-site 2-Day Boot Camp options, on-demand time and materials-based consulting sessions, and Certification Options for both the (CGRCP) Continuum GRC Professional and the (CGRCA) Continuum GRC Administrator, customers rarely find it necessary to purchase enhanced training.
Ability to integrate with existing enterprise tools.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.
Additionally, our dynamic data import tool allows for the importation and automatic form-questionnaire-module building creation to migrate from legacy applications into the automated power of Continuum GRC.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for Continuum GRC OpenAPI connections takes minutes in our easy-to-use questionnaire forms.
The solution must have a mature, open, secure, and easy-to-use API capability that allows the company to securely leverage the solution API capability to develop and integrate with other enterprise systems.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for Continuum GRC OpenAPI connections takes minutes in our easy-to-use questionnaire forms.
Ability to integrate with other enterprise tools.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.
Additionally, our dynamic data import tool allows for the importation and automatic form-questionnaire-module building creation to migrate from legacy applications into the automated power of Continuum GRC.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require Continuum GRC to create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. Defining the connection parameters for Continuum GRC OpenAPI connections takes minutes in our easy-to-use questionnaire forms.
Vendor to demonstrate they have an appropriate data architecture showing what data is stored and where it is stored; and how data is protected against loss of integrity or availability.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides data architecture that is authorized to the Moderate impact level. Our Package ID is FR1915750265. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.
Ability to securely retain data for an appropriate period of time that meets business requirements. Further, data retention should be customizable.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption on all database data and file-based data, which is fully backed up on a daily basis. On a weekly basis, the full system is imaged and stored in our GovCloud West hot storage location. Also on a weekly basis, our full system images are simultaneously stored in our GovCloud East cold storage. Data does not leave our GovCloud FedRAMP Authorized boundary.
The Continuum GRC FedRAMP Authorized Package ID is FR1915750265 and contains additional information regarding our data retention and preservation implementations. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.
Vendor to demonstrate they have the capability to provide 24x7 support in servicing the Central time zone and are able to respond in a timely manner. Ideally 4-hour response time and the ability to quickly escalate critical incidents.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides standard support options that include:
- 24/7 Online Continuum GRC Service Manager is available to all subscribers.
- 24/7 Call +1 (888) 896-6207 for Continuum GRC customer service.
- 24/7 Online Continuum GRC knowledge base for all subscribers.
- 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting.
- 24/7 Dedicated Service Agent for all subscribers with dedicated hosting.
- 24/7 Custom Service Level Agreements (SLA) available with dedicated hosting agreements, which would include a 4-Hour response time if required.
Vendors to demonstrate they have a clear view of the product roadmap and vision. The solution should not be scheduled or potentially scheduled for the End of the Sale or End of Support within 5 years.
Continuum GRC maintains a rolling three-year product roadmap with no End of Life defined. We are a privately owned sole-source provider and have no external debt or outside investors. We are only beholden to our customers to provide the best long-term solutions.
Should be well positioned within the most recent Gartner GRC quadrant.
Continuum GRC does not pay Gartner to appear on the quadrant list. We do not pay-to-play with for-profit reporting organizations.
Ability to seamlessly migrate archived audit management software files (TeamMate AM) into usable and accessible format for document retention purposes.
Easily import external data sources through our patent pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities which suit most data transactions between external systems, legacy systems, and even raw inputs.
Ability to seamlessly migrate current (open) audit management software files (TeamMate AM) into live usable files in the ASP.
Easily import external data sources through our patent pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities which suit most data transactions between external systems, legacy systems, and even raw inputs.
Ability to be hosted initially on premises with the ability to move to a cloud environment during the course of the contract (if desired).
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Ability to test prior to patch/upgrade installations to production environment
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Compatible with Windows 10 and higher
As a FedRAMP Authorized SaaS solution, this requirement is not necessary; however, common browsers supported by Windows 10 or higher are supported.
Compatible with MS Office 365
As a FedRAMP Authorized SaaS solution, this requirement is not necessary; however, the output reports and templates are all compatible.
Compatible with Windows Server 2016 and above
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Scalable from 50 to 500 users
The Continuum GRC SaaS solution will accommodate this and more. Simple licensing accounts for the number of users and the system performance requirements.
Able to produce audit performance metrics
The Continuum GRC SaaS solution maintains real-time audit logs on all users to be analyzed as needed by administrators and examiners. These reports may also be exportable for further analysis.
Perform well in Virtual Machines and/or Virtual Desktop Infrastructure (VDI)
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Support for PIV cards
The SAML integration feature allows for the connection to internal or external SP-IDP systems that support CAC PIV functionality.
Ability to handle slow or latent connections through VPN or remote connections
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Ability to install client software with single installation package distributed via System Center Configuration Manager (SCCM)
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Full logging of system configuration changes and user activity, including deletions
All administrators and examiners in the Continuum GRC SaaS solution have role-based access to activity, change, deletion logs and reports. These are reportable and searchable in the system. They are also exportable in a variety of formats.
No one has the ability to alter these records.
Easy access to logs and activity reports
All administrators and examiners in the Continuum GRC SaaS solution have role-based access to audit logs and activity reports. These are reportable and searchable in the system. They are also exportable in a variety of formats.
No one has the ability to alter these records.
FIPS 140-2 encryption for all data at rest and in transit
As a FedRAMP Authorized SaaS solution, this requirement is mandatory for authorization.
Software producer self-attestation of secure software development in accordance with OPM Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices
As a FedRAMP Authorized SaaS solution, this requirement is mandatory for authorization.
User-friendly, intuitive graphical interface
The Continuum GRC SaaS solution is a drag-n-drop solution that does not require complex programming to utilize its user interface. Users are presented with a logical and user-friendly interface.
Compliant with revised Section 508 accessibility standards.
Our Section 508 compliance rating is excellent.
Ability to create multiple project templates to ensure new projects include all required steps, based on their type
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Ability to create templates for auditors/analysts to document review/audit work that include designated fields for purpose, source, scope, and conclusion (to meet both Yellow Book and/or Blue Book requirements)
The Continuum GRC solution is a SaaS product that will allow the organization to conduct and document audits and evaluations and maintain supporting documentation in accordance with Yellow Book and Blue Book standards leveraging our extensively customizable SaaS platform features.
Ability to create and assign permissions based on user roles such as Group Chief, Senior Team Leader, Auditor-In-Charge, Audit Staff, Quality Assurance, independent reference, reviewer, preparer, or combination of roles
The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.
Ability to assign staff to different projects with permissions specific to each project
The Continuum GRC SaaS solution requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.
Centralized software policy management
The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system.
Ability to create workflows
The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can range from a simple Approval-Deny by designated examiners to hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity.
Ability to copy existing projects
The Continuum GRC SaaS solution provides the ability to clone or copy forms, datasets, modules, and templates within the system. Our patent pending auto-mapping technology even allows for synchronization of project data between different forms and reports in real time.
Configurable fields and labels for project information, recommendations, etc.
The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the solution are features such as the Action ITAM designed for workflow questions, requests, comments, project notes, suspense dates, accountability reporting and other powerful features to satisfy this requirement.
Configurable to handle multiple audit groups with varying fields of review and audit templates
The Continuum GRC SaaS solution is designed to facilitate large audit groups, large datasets with any variety of form fields, audit templates and any other form of bespoke requirement requiring form driven assessments.
Ability to support records management requirements.
The Continuum GRC SaaS solution has a central records management feature allowing for management, versioning, and restoration if needed.
Ability for staff to access completed projects by other teams
The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project in the system. Completed projects are archived in Read-Only mode.
Ability to archive audit and evaluation files that are no longer required to be maintained
Completed projects are archived in Read-Only mode. Archival versions are maintained in perpetuity until being deleted by administrators.
Ability to access and reinitiate archived files if necessary
Archival versions are maintained in perpetuity until administrators reinitiate or remove these versions.
Ability to train in simulated production environment using previous work or test files
The Continuum GRC SaaS solution allows for cloning of all datasets to allow for the provisioning of simulation environments within the same system.
Robust training for administrators
Continuum GRC provides 24/7 access to training documentation, videos and learning materials. We also provide advanced 2-Day Bootcamp for administrators. Organizations that require ongoing training and special support may do so under contracted terms.
Train the trainers
Organizations that require ongoing training and special support may do so under contracted terms. We have included in the attached Continuum GRC - ATTCH 4 Pricing Template training support by our professional service team.
Training documentation
Continuum GRC provides 24/7 support to customers through a variety of methods such as telephone, email, and online customer portals. There is an extensive online manual available to all users.
Assistance from remote Help Desk available during business hours (6am -6pm Eastern Time) Monday – Friday.
The Continuum GRC SaaS solution provides a 24/7 help desk system with responsive remote support by the team. Additional support may be contracted if required.
Detailed reference materials
The Continuum GRC SaaS solution provides a comprehensive administration and user manual to users on a 24/7 online basis.
Self-contained projects with unique permissions and roles (including Independent Referencing)
The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project or resources in the system.
Unique identifier
The Continuum GRC SaaS solution's projects, forms, questionnaires, datasets, evidentiary files, reports, and records all have unique identifiers. Additionally, the Record ID feature is a ticketing system feature that provides unique identifiers for ticketing purposes.
Ability to establish, monitor, revise, and track milestones for each project
The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators and other tools address this requirement.
Support for current and future Microsoft Office 365 file types (including Outlook email files)
The Continuum GRC SaaS solution provides native file management capabilities for these file formats. Additionally, document types such as Word and Excel are standard template formats that are manageable within the system. All file types may be processed as artifacts within the system.
Support for current and future Adobe Acrobat PDF files
The Continuum GRC SaaS solution provides native file management capabilities for these file formats. Additionally, document types such as PDF are standard output report file formats that are manageable within the system. All file types may be processed as artifacts within the system.
Support for alternative office file types (GoogleDocs, open-source office files, etc.)
The Continuum GRC SaaS solution provides native file management capabilities for these file formats. All file types may be processed as artifacts within the system.
Support for industry-standard media files (audio, video, image)
All file types may be processed as artifacts within the system. Additionally, media files are playable within the system. These files may be locally stored and protected within the system or pulled from external sources if authorized.
Support for large-scale, complex data and analysis files
The Continuum GRC SaaS solution provides SQL big data support capabilities. Additionally, our database integration features allow for the connection to external data sources.
Unique identifier for each attachment
The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusion as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain chain-of-custody system. Each file has a unique identifier.
Ability to update/replace attachment
The Continuum GRC SaaS solution has a central document management feature allowing for common file management capabilities. This upload, update, replace or delete capability is also integral to the File Upload form element in existing or custom modules.
Ability to export documents
The Continuum GRC SaaS solution has native reporting outputs that include Word, Excel, PDF, CSV and text formats, all of which are easily updated.
Support for large numbers of attachments in each project, and large individual attachments
The Continuum GRC SaaS solution is capable of attaching any number or size of attachment in the system. By default, the system is a zero-trust system that requires administrators to establish rules for increasing attachment numbers and sizes. The current defaults are restricted to 15 non-executable files no larger than 5 GB in size. These values are completely adjustable by administrators.
Ability to restrict access to attachments to a specific project
The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish access to all system resources including project data.
Ability to easily share selected attachments across projects
The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish access to all system resources, including project data across multiple projects. Our patent-pending auto-mapping is a powerful feature that enhances data synchronization in real time as needed.
Ability to retain/recover multiple versions of attachments
The Continuum GRC SaaS solution provides a full-featured file attachment management system. Utilizing versioning, archiving, and duplication, the ability to retain or recover attachments is native functionality. There is also a system recycling feature that allows for the full restoration of project data and attachments for up to 30 days.
Ability to lock attachments to prevent changes
The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project in the system. Completed projects, including attachments, are archived in Read-Only mode.
Ability to identify content such as Personally Identifiable Information (PII), Personal Health Information (PHI), or Sensitive Security Information (SSI) that must be protected from public disclosure
The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers such as PHI, PII and others. Users, examiners and administrators can also use regular expressions to search for, or search for and replace, content.
Ability to add additional identifying information beyond title to each attachment
The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers. Additionally, native document functionality allows for the inclusion of metadata which is supported by the file management capabilities of the system.
Ability for multiple users to collaborate for document creation and editing
The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the system is an anti-collision capability, built on our socket technology, that prevents users from “stepping on each other’s toes”. Other users can see in real time who is updating a form field and when they have finished.
Preparer signoffs
The Continuum GRC SaaS solution provides digital signature capabilities within the system.
Reviewer signoffs, multi-level
The Continuum GRC SaaS solution provides digital signature capabilities within the system to include any number of signatories.
Controls to prevent users from reviewing documents they prepared
The Continuum GRC SaaS solution provides functionality to manage the read-write permissions on data. This is controlled by administrators through simple permissions or through form logic when processing datasets.
Ability to provide reviewer comments and receive response from preparer prior to reviewer sign-off and retain those comments
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations.
Ability to provide peer-to-peer comments
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations. Additionally, all forms may have peer-to-peer fields for the entry of comments that may be hidden from anyone without permissions to view them.
Ability to identify changes made after supervisory review
The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. Additionally, the Audit Mode feature prevents changes by locking the dataset into a read-only mode.
Ability to reference auditor/evaluator write-ups to supporting documentation
The Continuum GRC SaaS solution provides indexing of supporting documentation directly associated with an evaluation. The upload form elements make this easy and intuitive.
Ability to link documentation to work papers created within software as well as attachments including Word, Excel, and Acrobat documents (to the documents themselves and to specific locations within the documents)
The Continuum GRC SaaS solution provides indexing of supporting documentation such as Word, Excel, and Acrobat directly associated with an evaluation. The upload form elements make this easy and intuitive. Additionally, our patent-pending auto-mapping technology allows for cross associations to other projects and data sources.
Ability to efficiently handle large number of references within individual documents and across the audit file
The Continuum GRC SaaS solution provides indexing of supporting documentation such as Word, Excel, and Acrobat directly associated with an evaluation. The upload form elements make this easy and intuitive. Additionally, our patent-pending auto-mapping technology allows for cross associations to other projects and data sources.
Ability for staff not participating in audit to review and verify cross-indexed references of all statements of fact within draft and final reports created in MS Word
The Continuum GRC SaaS solution provides native output support for Word and Excel. All stages of a project through draft and approved production are managed through the system workflow.
Ability to add visual cues indicating independent reference has verified that indexed evidence supports each statement of fact (e.g., tick marks)
The Continuum GRC SaaS solution provides the Status Indicator feature that visually indicates the disposition of a project requirement. Additionally, the project or module templates may have additional checkboxes to represent this requirement.
Ability to utilize reviewer tools for feedback and sign-off
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations. Additionally, all forms may have reviewer fields for the entry of feedback that may be hidden from anyone without permissions to view them. The Status Indicator feature also visually indicates the disposition of a project requirement.
Ability to identify changes made to document after IREF exits document (not marked reviewed)
The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review.
Ability for audit team to see issues identified while IREF works in the document (i.e., comments or reviewer notes)
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary.
Ability to track progress of IREF
The Continuum GRC SaaS solution provides the Status Indicator report feature allowing for easy progress reporting.
Ability to segregate audit findings issued in the draft report and those in the final report
The Continuum GRC SaaS solution provides a versioning feature that would allow for the segregation of report versions easily. Additionally, the Status Indicator report allows for separate reporting on all versions of the project report.
Ability to document changes to audit findings between draft report and final report stages
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Additionally, the Action ITAM report allows for separate reporting on all versions of the project report.
Ability to indicate if an audit finding was dropped or changed following the draft report stage.
The Continuum GRC SaaS solution provides the Action ITAM and the Status Report visual features to support this requirement. Additionally, the project or module templates may have additional checkboxes to represent this requirement.
Ability to create recommendations based on audit work
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary.
Ability to create custom fields for findings and recommendations to support tracking and reporting requirements (minimum of 5 monetary fields, 4 date fields, 7 selectable-text fields)
The Continuum GRC SaaS solution provides a drag-and-drop easy form builder tool to completely customize any form, questionnaire, or module.
Ability to mark recommendations for reporting (i.e., for tracking or information only)
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Ability to track recommendations from migrated projects, including reporting
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Status indicator for each recommendation (e.g., unresolved, resolved, closed)
The Continuum GRC SaaS solution provides the Status Indicator feature that indicates unaddressed (gray), unresolved (red), resolved (yellow) and closed (green) indications.
Ability to update recommendation status, including target action dates, and attach additional supporting information
The Continuum GRC SaaS solution is completely interactive, allowing for real-time status changes, monitoring of project dates, workflow requirements for tasks or additional information, and a host of other supporting features.
Ability to document auditee response to recommendations received in response to the draft report.
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Ability to export open and/or closed recommendations as a dashboard for web-presentation.
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Ability to quickly locate documentation within a project using text-based search of labels and contents
The Continuum GRC SaaS solution provides a full-featured document management capability allowing for searchable attributes such as tags, labels, content, and typical file names.
Support for rich text formatting of text
The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the pasting of external data and the use of rich-text formatting tools as needed.
Support for Copy/Cut/Paste
The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the copying, cutting and pasting of external data and the use of rich-text formatting tools as needed.
Support for inline and on-demand spell check, with editable dictionary
The Continuum GRC SaaS solution provides support for a variety of browser-based spelling and grammar checking tools to include editable custom dictionaries.
Ability to create and format tables
The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the creation and formatting of dynamic tables as needed.
Support for tracking of changes
The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. The Status Indicator report allows for dashboards and a variety of change reports.
Ability to create work papers and add support offline
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Ability to cancel offline items locked by users that may no longer be using them
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Process to synchronize offline changes to database
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Ability to review and resolve conflicts from offline production
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Controls to prevent unintentional overwrites by conflicting offline changes
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Ability for peer review access of entire audit file without access to the organization's network
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Easily accessible reports for staff indicating completion and review status
The Continuum GRC SaaS solution provides online viewing of any variety of reports in both document formats and graphic dashboards.
Visual reminders for pending deadlines and open items
The Continuum GRC SaaS solution provides the Action ITAM feature that provides dashboard views, document notifications and email alerts for deadlines and action items.
Access items directly from dashboards
The Continuum GRC SaaS solution provides a variety of purpose-created dashboards all allowing for direct linkages to project data.
Visual representation of open and/or closed recommendations
The Continuum GRC SaaS solution provides the Action ITAM feature that provides dashboard views, document notifications and email alerts for open and/or closed items.
Ability to create notifications within the system for user-defined triggers such as pending deadlines, review status, recommendation dates, and required actions
The Continuum GRC SaaS solution provides native functionality for notification triggers, rules and workflow events which are defined by administrators.
Ability to create e-mail notifications based on user-defined triggers
The Continuum GRC SaaS solution provides native functionality for email notification triggers, rules and workflow events which are defined by administrators.
Ability to generate reports across entire database and within specific projects
The Continuum GRC SaaS solution provides a patent-pending feature referred to as Nest Entities, allowing for the cross-entity or cross-dataset viewing and reporting of projects.
Ability to create standard reports for tracking milestones — initial and revised dates compared to actual
The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators, and other tools address this requirement.
Ability to automate creation of required reports such as a Semi-annual Report (SAR)
The Continuum GRC SaaS solution provides custom report document generation. There is no limitation on the required outputs, which may be produced in Word, Excel, PDF, CSV and text formats.
Ability to create standard reports for tracking recommendations — initial and revised dates compared to actual
The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators, and other tools address this requirement.
Ability to automate creation of draft and final reports. Preference that reports are 508 compliant.
The Continuum GRC SaaS solution provides excellent 508 compliance. There are no known limitations with this requirement.
Ability to generate time and expense reports based on criteria such as user, project, or specified groups
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Ability to generate reports on any database field
The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity in reporting.
Ability to create ad hoc reports and queries
The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity in reporting.
Ability for staff to report time and expenses on a biweekly basis
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Ability for staff to charge time to non-project codes (e.g., sick leave, annual leave, award leave, holiday leave, etc.)
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Workflow for supervisory review of all time and expense entries
The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can range from a simple Approval-Deny by designated examiners to hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity.
Ability to easily re-assign staff to a different manager for time and expense reporting
The Continuum GRC SaaS solution requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.
Are there any other technology vendors that your product(s) integrate with?
- The Continuum GRC SaaS solution’s OpenAPI integrates with hundreds of solution providers.
- The Continuum GRC SaaS feature known as the Dynamic Data Integrator allows for the importation of external data sources, typically from legacy systems that clients are migrating from, to dynamically create system modules and automatically import large volumes of data.
- In the event that a unique API integration is required to connect to an external solution’s proprietary system, we create these. It generally takes one month to code and QA test the solution for general production viability. Some examples we have are Qualys Scanner, Saint Scanner, Tenable.IO, and others.
What problems are you solving? What are some government use cases for your product(s)?
Every business and organizational entity in the world must endeavor to eliminate risks that threaten them, their employees, and shareholders. Additionally, those industries have unique regulatory and industry compliance, audit, attestations, and authorizations they must be compliant with.
The Continuum GRC SaaS provides a FedRAMP Authorized and StateRAMP Authorized secure solution that enables the development of those readiness and program requirements; enables the independent evaluation of risk and compliance by assessment authorities, calculating governance, risk, and compliance metrics, dashboards, and documentation during that phase; and facilitates the continuous monitoring and maintenance of these programs for their entire life-cycle.
Supporting 26 languages, the high degree of automation, integrations, and auto-mapping between the world's compliance frameworks provides an intuitive solution to our clients.
High-level overview of your products and solutions.
https://continuumgrc.com/videos/
Continuum GRC is an agile, affordable risk assessment and compliance management automation solution and is the only global platform authorized for both FedRAMP and StateRAMP requirements. Our Partner Program goal is to drive new business and be more efficient for partners across all verticals of business anywhere across the globe.
Continuum GRC is a collaborative and cost-effective audit & compliance, risk assessment & risk management, and policy & governance development solution that helps our partners be cost-effective.
Auto-mapped standards, automated documentation, real-time status, risk & maturity offerings work across all of the audits, regulatory and risk frameworks in 26 languages, saving time and money.
Continuum GRC reduces manual labor by 55% on average, with some tasks, such as maintaining multiple frameworks, reduced by an astounding 100%.
Enterprise security, dynamic dashboards, document generation, integrations, and connectivity for advanced collaborations.
Automation and creative tools along with Blockchain Chain-of-Custody evidence management for auditors.