We receive questions from our customers that we would like to share with you. There is no particular order so just use keywords to find answers to similar questions.
The deployment must have minor business impact, minimum operational impact, and reduced organizational coordination.
The organization will not have a deployment, operational or implementation impact. Continuum GRC is a FedRAMP Authorized SaaS solution in the GovCloud. The company is responsible for the deployment which typically takes 2-24 hours before the client may gain access to the fully functional system.
The implementation requirements include required user account creation and notification email addresses for system notifications at a minimum. Any additional integration setup for SAML SSO, MFA and any organizationally adjusted site parameters within the Continuum GRC SaaS would take minutes to define.
Vendor to demonstrate they have sound professional service resource(s), potentially through a highly capable partner.
Continuum GRC employs in-house technical service employees as well as well-trained service partners covering all aspects of our customer commitments. A few channel partners have certified installation, training, custom development, administration support and fully managed options.
Continuum GRC’s Training & Orientation offerings include online training videos and literature, online orientation videos and literature, virtual 2-Day Boot Camp options, on-site 2-Day Boot Camp options, on-demand time and materials-based consulting sessions, and Certification Options for both the (CGRCP) Continuum GRC Professional and the (CGRCA) Continuum GRC Administrator.
Ability to deploy the solution with all GRC capabilities and subscriptions within reasonable time as long as it does not compromise any of the GRC capabilities.
Continuum GRC is a FedRAMP Authorized SaaS solution in the GovCloud. The company is responsible for the deployment which typically takes 2-24 hours before the client may gain access to the fully functional system.
All governance, risk, and compliance modules are fully functional and deployed at the same time as the base system.
The product must offer a high degree of usability to support a broad spectrum of users
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides robust role-based access to the system resources allowing for the granular provisioning of risk and security assessment modules, compliance and audit modules, policy development and management features, form-questionnaire-module development tools and a plethora of other system features.
Continuum GRC forms-questionnaires-modules offer intuitive, logic-driven, customizable user experiences that are only limited by the user’s creativity.
The product should be able to provide interfaces for integration with other systems and applications
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.
Additionally, our dynamic data import tool allows for data importation and automatic form-questionnaire-module creation to migrate from legacy applications into the automated power of Continuum GRC.
The solution to demonstrate central reporting capability can be highly customizable, scheduled, or ad-hoc.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting and audit logging features all of which may be sent to external integrated applications.
Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.
The solution must provide clear and easy-to-understand built-in reports that will add value to the incident response process.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create an incident response workflow with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.
The solution must provide an effective workflow engine that automates the management and distribution of tasks and work items and provides the ability to monitor the process.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module workflows that may be delegated, monitored, reported, and dashboarded. Extensive audit logging allows for performance monitoring of system resources and system users. Boolean logic features allow for precise rule creation to alert the designated team members and transfer the right data points to additional forms, reports, dashboards, external integrations, and many other user-defined workflows.
The solution must provide robust document management functionality that can track changes to documents as well as who made the changes.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a Blockchain Cryptographic Chain-of-Custody Evidence Management capability that associates system documents and all files in the system with a specific system user.
All Continuum GRC form-questionnaire-modules have document production capabilities with outputs such as Word, Excel, PDF, and other document outputs. The Document Manager within the system allows for customary document and file management features.
The Template Manager allows for rich-text document creation and management capabilities for Rapid Document Generation, Digital Signatures, Change Detection Indicators, OSCAL, Multipart Excel, Word, CSV Spreadsheet, PDF, and TXT Document Output (POA&M, SSP, etc.), Easy Branding and Formatting.
The solution is to demonstrate a central repository for collecting, maintaining, and analysis of risk data.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides familiar form-questionnaire-module style inputs for the collection, maintenance, management, and analysis of risk assessment datasets.
Our popular two-click navigation Risk Heatmaps take you to your priority requirements quickly. Review dashboards such as the Consolidated Executive Review, Compliance Status, Risk Rating, Maturity Rating, Task and Deliverable Reports, Gap Reports, and Timeline Performance with Real-Time Charts, Graphs, and Maps.
Customize your risk assessments with flexible 999 to -999 Automatic Scores and Calculations, Micro and Macro Reporting Graphics, Real-Time Dashboards, and Boolean Data Trigger Logic Reporting.
Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations.
The solution must provide robust support for various control frameworks (NIST CSF, NIST 800-53, etc.). The solution should be able to provide updates for these frameworks as they are made available.
Continuum GRC has auto-mapped the world's standards and frameworks seamlessly together. These are the most requested modules, but certainly not our entire inventory.
FedRAMP, StateRAMP, EUCS, PCI ROC & SAQ, SSAE 18 SOC 1, & SOC 2, CONMON, POA&M, CSF, CJIS, DFARS NIST 800-171, CMMC, C5, ISO 27001, 27005, 27017, 27018, 17020, 17021, 17025, 17065, HIPAA NIST 800-66, NIST 800-53, NERC CIP & 693, COSO, SEC, NFA, & FINRA, CIS, CTPAT, Cyber Essentials, FDA 21, FIPS 199, NIST 800-30, NIST 800-37, COSO ERM, Third-Party Risk Assessments, Vendor Risk Assessments, Physical Security Risk Assessments, Site Visit Risk Assessments, GDPR, CCPA, DPIA and more.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation tools that are drag-and-drop and easy to use. Create any framework requirement with custom alerts, notifications, dashboards, and response-driven intake processes conforming to the organization’s requirements while enhancing the requirements with intelligent automation, reporting, workflows, and dashboards.
The solution must provide efficient processes and functions to collect, manage and report on exceptions to the controls identified at the agency.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides the Action ITAM and Status Indicator features that make it easy to identify exceptions, document exceptions, assign to one or more responsible users, notify all assigned and responsible parties, display through user-specific Priority Dashboards and consolidated team Action ITAM reports and Status Indicator reports making it easy to identify priorities and accountability.
Go even further with our patent-pending Nested Entities and Crossview risk heatmaps giving users a high-level graphical understanding of risk and compliance inside the organization, and across multiple teams and organizations all from within the Continuum GRC SaaS.
The solution must have a robust built-in analytics library to support reporting and analysis.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides extensive on-board reporting features all of which may be sent to external integrated applications.
Create hundreds of dashboards and reports with many popular pre-built dashboards, but also end-user-defined reports that may be focused on the macro-level down to the micro-level.
Our patent-pending Nested Entities and Crossview risk heatmaps give users a high-level graphical understanding of risk and compliance inside the organization and across multiple teams and organizations all from within the Continuum GRC SaaS.
Analyze automatic scorecards, calculations, real-time dashboards, cross-dataset reporting, dashboards, and analysis views.
The solution to demonstrate the ability to support customization based on end-user input.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides form-questionnaire-module creation and customization tools that are drag-and-drop and easy to use.
System administrators are able to easily customize any form-questionnaire-module including those provided by Continuum GRC with any level of customization based on the organization’s end-user inputs.
The Continuum GRC platform was designed to provide an enormous customization capability without requiring any complex programming or professional support services.
Vendor to demonstrate the solution has the Network threat/anomaly detection capability.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides integration support to a variety of network threat/anomaly detection tools. Once the automated integration inputs this data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over.
System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards keeping users informed and up to date.
The solution should provide formal support and triage Service Level Agreement (Ideally 4 Hours).
Continuum GRC standard support options include:
- 24/7 Online Continuum GRC Service Manager is available to all subscribers.
- 24/7 Call +1 (888) 896-6207 for Continuum GRC customer service.
- 24/7 Online Continuum GRC knowledge base for all subscribers.
- 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting.
- 24/7 Dedicated Service Agent for all subscribers with dedicated hosting.
- 24/7 Custom Service Level Agreements (SLA) are available with dedicated hosting agreements, which would include a 4-Hour response time if required.
Provide the ability to create custom rules for suspicious behavior of processes and network communication.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides integration support to a variety of network threat/anomaly detection tools. Once the automated integration inputs this data into the system's intake forms-questionnaires-modules, the logic trigger functionality takes over.
System administrators establish simple Boolean rules to trigger events and provide real-time alerts, notifications, reports, and dashboards keeping users informed and up to date.
The solution is to demonstrate they have a centralized functional, highly granular management (preferably cloud-based), and easy-to-use central management/dashboard that shows appropriate information to address different levels of requirements from technical to governance levels.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides robust role-based access to the system resources allowing for the granular provisioning of risk and security assessment modules, compliance and audit modules, governance and policy development, management features, form-questionnaire-module development tools and a plethora of other system features.
The solution is to demonstrate a flexible licensing model that addresses business requirements.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a flexible licensing model that is à la carte and allows organizations to grow with the platform. Continuum GRC is a modular solution.
First, select a hosting option. Organizations with Federal and/or CUI data will need FedRAMP Authorized AWS GovCloud hosting; otherwise, AWS hosting is just right. Deployment typically takes 2-24 hours for a fully operational system.
Second, select the access options you need. How many administrators, examiners, users, and entity groups do you need? Provisioning these takes just minutes within the Continuum GRC Access Control portal.
Finally, what modules within the categories of Audit & Compliance Frameworks Modules, Risk Assessment & Management Modules, Governance & Policy Development Modules, and any Custom created modules does your organization need? These are deployed in just minutes for stock inventory modules. Custom-created modules are projects planned with an organization but typically take a few days to a week or so for most deliverables.
The solution to demonstrate that the solution supports easy-to-manage patching and sufficient self-updating. Updates should require minimum interaction from Lab resources.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides a fully managed solution that does not require an organization to maintain, patch, or upgrade its system. Continuum GRC support takes care of all updating including frameworks and inventory modules.
Organizations will maintain their own internally created modules and settings, but all other aspects of the Continuum GRC are managed by Continuum GRC.
Vendor to demonstrate that the solution requires minimum effort to develop personnel skills and expertise to maximize the GRC investment.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides an intuitive user and management interface. While Continuum GRC offers many training & orientation offerings, including online training videos and literature, online orientation videos and literature, virtual 2-Day Boot Camp options, on-site 2-Day Boot Camp options, on-demand time and materials-based consulting sessions, and Certification Options for both the (CGRCP) Continuum GRC Professional and the (CGRCA) Continuum GRC Administrator, customers rarely find it necessary to purchase enhanced training.
Ability to integrate with existing enterprise tools.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.
Additionally, our dynamic data import tool allows for data importation and automatic form-questionnaire-module creation to migrate from legacy applications into the automated power of Continuum GRC.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require that Continuum GRC create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. With Continuum GRC OpenAPI connections, it takes minutes to define the connection parameters in our easy-to-use questionnaire forms.
The solution must have a mature, open, secure, and easy-to-use API capability that allows the company to securely leverage the solution API capability to develop and integrate with other enterprise systems.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require that Continuum GRC create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. With Continuum GRC OpenAPI connections, it takes minutes to define the connection parameters in our easy-to-use questionnaire forms.
Ability to integrate with other enterprise tools.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides feature-rich interfaces through pre-built integrations, form-questionnaire-module customizations, templated variables, parameter values, data webhook rules enabling logic triggers, and custom notification rules. Use HTTP Authentication, Custom HTTP Headers, Data Formatting, Key-Value Pairs, Raw Data, and other API-driven capabilities.
Additionally, our dynamic data import tool allows for data importation and automatic form-questionnaire-module creation to migrate from legacy applications into the automated power of Continuum GRC.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption for file systems, databases, sessions, and all integration interoperability. Our OpenAPI conformity means that hundreds of solutions have integration opportunities with Continuum GRC. Solution providers that utilize proprietary API requirements will require that Continuum GRC create these specialized applications and provide them to all customers. These custom requirements typically require about 1-2 months for development, testing, and production roll-out. With Continuum GRC OpenAPI connections, it takes minutes to define the connection parameters in our easy-to-use questionnaire forms.
Vendor to demonstrate they have an appropriate data architecture showing what data is stored and where it is stored; and how data is protected against loss of integrity or availability.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides data architecture that is authorized to the Moderate impact level. Our Package ID is FR1915750265. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.
Ability to securely retain data for an appropriate period of time that meets business requirements. Further, data retention should be customizable.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides FIPS 140-2 validated encryption on all database data and file-based data is fully backed up on a daily basis. On a weekly basis, the full system is imaged and stored in our GovCloud West hot storage location. Also on a weekly basis, our full system images are simultaneously stored in our GovCloud East cold storage. Data does not leave our GovCloud FedRAMP Authorized boundary.
The Continuum GRC FedRAMP Authorized Package ID is FR1915750265 and contains additional information regarding our data retention and preservation implementations. The Agency may use the FedRAMP Package Access Request Form to review the full FedRAMP Authorization details.
Vendor to demonstrate they have the capability to provide 24x7 support in servicing the Central time zone and are able to respond in a timely manner. Ideally 4-hour response time and the ability to quickly escalate critical incidents.
The Continuum GRC FedRAMP Authorized SaaS solution in the GovCloud provides standard support options that include:
- 24/7 Online Continuum GRC Service Manager is available to all subscribers.
- 24/7 Call +1 (888) 896-6207 for Continuum GRC customer service.
- 24/7 Online Continuum GRC knowledge base for all subscribers.
- 24/7 Online Continuum GRC Administration Manual for all subscribers with dedicated hosting.
- 24/7 Dedicated Service Agent for all subscribers with dedicated hosting.
- 24/7 Custom Service Level Agreements (SLA) are available with dedicated hosting agreements, which would include a 4-Hour response time if required.
Vendors to demonstrate they have a clear view of the product roadmap and vision. The solution should not be scheduled or potentially scheduled for the End of the Sale or End of Support within 5 years.
Continuum GRC maintains a rolling three-year product roadmap with no End of Life defined. We are a privately owned sole-source provider and have no external debt or outside investors. We are only beholden to our customers to provide the best long-term solutions.
Should be well positioned within the most recent Gartner GRC quadrant.
Continuum GRC does not pay Gartner to appear on the quadrant list. We do not pay-to-play with for-profit reporting organizations.
Ability to seamlessly migrate archived audit management software files (TeamMate AM) into usable and accessible format for document retention purposes.
Easily import external data sources through our patent-pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities, which suit most data transactions between external systems, legacy systems, and even raw inputs.
Ability to seamlessly migrate current (open) audit management software files (TeamMate AM) into live usable files in the ASP.
Easily import external data sources through our patent-pending Dynamic Integrator functionality, through custom API integrators, and through our OpenAPI capabilities, which suit most data transactions between external systems, legacy systems, and even raw inputs.
Ability to be hosted initially on premises with the ability to move to a cloud environment during the course of the contract (if desired).
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Ability to test prior to patch/upgrade installations to production environment
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Compatible with Windows 10 and higher
As a FedRAMP Authorized SaaS solution, this requirement is not necessary; however, common browsers supported by Windows 10 or higher are supported.
Compatible with MS Office 365
As a FedRAMP Authorized SaaS solution, this requirement is not necessary; however, the output reports and templates are all compatible.
Compatible with Windows Server 2016 and above
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Scalable from 50 to 500 users
The Continuum GRC SaaS solution will accommodate this and more. Simple licensing accounts for the number of users and the system performance requirements.
Able to produce audit performance metrics
The Continuum GRC SaaS solution maintains real-time audit logs on all users to be analyzed as needed by administrators and examiners. These reports may also be exportable for further analysis.
Perform well in Virtual Machines and/or Virtual Desktop Infrastructure (VDI)
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Support for PIV cards
The SAML integration feature allows for the connection to internal or external SP-IDP systems that support CAC PIV functionality.
Ability to handle slow or latent connections through VPN or remote connections
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Ability to install client software with single installation package distributed via System Center Configuration Manager (SCCM)
As a FedRAMP Authorized SaaS solution, this requirement is not necessary.
Full logging of system configuration changes and user activity, including deletions
All administrators and examiners in the Continuum GRC SaaS solution have role-based access to activity, change, deletion logs and reports. These are reportable and searchable in the system. They are also exportable in a variety of formats.
No one has the ability to alter these records.
Easy access to logs and activity reports
All administrators and examiners in the Continuum GRC SaaS solution have role-based access to audit logs and activity reports. These are reportable and searchable in the system. They are also exportable in a variety of formats.
No one has the ability to alter these records.
FIPS 140-2 encryption for all data at rest and in transit
As a FedRAMP Authorized SaaS solution, this requirement is mandatory for authorization.
Software producer self-attestation of secure software development in accordance with OPM Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices
As a FedRAMP Authorized SaaS solution, this requirement is mandatory for authorization.
User-friendly, intuitive graphical interface
The Continuum GRC SaaS solution is a drag-n-drop solution that does not require complex programming to utilize its user interface. Users are presented with a logical and user-friendly interface.
Compliant with revised Section 508 accessibility standards.
Our Section 508 compliance rating is excellent.
Ability to create multiple project templates to ensure new projects include all required steps, based on their type
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Ability to create templates for auditors/analysts to document review/audit work that include designated fields for purpose, source, scope, and conclusion (to meet both Yellow Book and/or Blue Book requirements)
The Continuum GRC solution is a SaaS product that will allow the organization to conduct and document audits and evaluations and maintain supporting documentation in accordance with Yellow Book and Blue Book standards leveraging our extensively customizable SaaS platform features.
Ability to create and assign permissions based on user roles such as Group Chief, Senior Team Leader, Auditor-In-Charge, Audit Staff, Quality Assurance, independent reference, reviewer, preparer, or combination of roles
The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.
Ability to assign staff to different projects with permissions specific to each project
The Continuum GRC SaaS solution requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.
Centralized software policy management
The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system.
Ability to create workflows
The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can be as simple as Approval-Deny by designated examiners, or as detailed as hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity.
Ability to copy existing projects
The Continuum GRC SaaS solution provides the ability to clone or copy forms, datasets, modules, and templates within the system. Our patent pending auto-mapping technology even allows for synchronization of project data between different forms and reports in real time.
Configurable fields and labels for project information, recommendations, etc.
The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the solution are features such as the Action ITAM designed for workflow questions, requests, comments, project notes, suspense dates, accountability reporting and other powerful features to satisfy this requirement.
Configurable to handle multiple audit groups with varying fields of review and audit templates
The Continuum GRC SaaS solution is designed to facilitate large audit groups, large datasets with any variety of form fields, audit templates and any other form of bespoke requirement requiring form driven assessments.
Ability to support records management requirements.
The Continuum GRC SaaS solution has a central records management feature allowing for management, versioning, and restoration if needed.
Ability for staff to access completed projects by other teams
The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project in the system. Completed projects are archived in Read-Only mode.
Ability to archive audit and evaluation files that are no longer required to be maintained
Completed projects are archived in Read-Only mode. Archival versions are maintained in perpetuity until being deleted by administrators.
Ability to access and reinitiate archived files if necessary
Archival versions are maintained in perpetuity until administrators reinitiate or remove these versions.
Ability to train in simulated production environment using previous work or test files
The Continuum GRC SaaS solution allows for cloning of all datasets to allow for the provisioning of simulation environments within the same system.
Robust training for administrators
Continuum GRC provides 24/7 access to training documentation, videos and learning materials. We also provide advanced 2-Day Bootcamp for administrators. Organizations that require ongoing training and special support may do so under contracted terms.
Train the trainers
Organizations that require ongoing training and special support may do so under contracted terms. We have included in the attached Continuum GRC - ATTCH 4 Pricing Template training support by our professional service team.
Training documentation
Continuum GRC provides 24/7 support to customers through a variety of methods such as telephone, email, and online customer portals. There is an extensive online manual available to all users.
Assistance from remote Help Desk available during business hours (6am-6pm Eastern Time) Monday – Friday.
The Continuum GRC SaaS solution provides a 24/7 help desk system with responsive remote support by the team. Additional support may be contracted if required.
Detailed reference materials
The Continuum GRC SaaS solution provides a comprehensive administration and user manual to users on a 24/7 online basis.
Self-contained projects with unique permissions and roles (including Independent Referencing)
The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project or resources in the system.
Unique identifier
The Continuum GRC SaaS solution's projects, forms, questionnaires, datasets, evidentiary files, reports, and records all have unique identifiers. Additionally, the Record ID feature is a ticketing system feature that provides unique identifiers for ticketing purposes.
Ability to establish, monitor, revise, and track milestones for each project
The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators and other tools address this requirement.
Support for current and future Microsoft Office 365 file types (including Outlook email files)
The Continuum GRC SaaS solution provides native file management capabilities for these file formats. Additionally, document types such as Word and Excel are standard template formats that are manageable within the system. All file types may be processed as artifacts within the system.
Support for current and future Adobe Acrobat PDF files
The Continuum GRC SaaS solution provides native file management capabilities for these file formats. Additionally, document types such as PDF are standard output report file formats that are manageable within the system. All file types may be processed as artifacts within the system.
Support for alternative office file types (GoogleDocs, open-source office files, etc.)
The Continuum GRC SaaS solution provides native file management capabilities for these file formats. All file types may be processed as artifacts within the system.
Support for industry-standard media files (audio, video, image)
All file types may be processed as artifacts within the system. Additionally, media files are playable within the system. These files may be locally stored and protected within the system or pulled from external sources if authorized.
Support for large-scale, complex data and analysis files
The Continuum GRC SaaS solution provides SQL big data support capabilities. Additionally, our database integration features allow for the connection to external data sources.
Unique identifier for each attachment
The Continuum GRC SaaS solution has a central document management feature allowing for full policy management, versioning, and inclusions as evidence if needed. All files in the system are protected by FIPS 140-2 validated encryption inside a private blockchain, chain of custody system. Each file has a unique identifier.
Ability to update/replace attachment
The Continuum GRC SaaS solution has a central document management feature allowing for common file management capabilities. This upload, update, replace or delete capability is also integral to the File Upload form element inside existing or custom modules.
Ability to export documents
The Continuum GRC SaaS solution has native reporting outputs that include Word, Excel, PDF, CSV and text formats all of which are easily updated.
Support for large numbers of attachments in each project, and large individual attachments
The Continuum GRC SaaS solution is capable of attaching any number or size of attachment in the system. By default, the system is a zero-trust system that requires administrators to establish rules for increasing attachment numbers and sizes. The current defaults are restricted to 15 non-executable files no larger than 5 GB in size. These values are completely adjustable by administrators.
Ability to restrict access to attachments to a specific project
The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish access to all system resources including project data.
Ability to easily share selected attachments across projects
The Continuum GRC SaaS solution is a zero-trust system that requires administrators to establish access to all system resources including project data across multiple projects. Our patent pending auto-mapping is a powerful feature enhancing data synchronization in real-time as needed.
Ability to retain/recover multiple versions of attachments
The Continuum GRC SaaS solution provides a full-featured file attachment management system. Utilizing versioning, archiving, and duplication, the ability to retain or recover attachments is native functionality. There is also a system recycling feature that allows for the full restoration of project data and attachments for up to 30 days.
Ability to lock attachments to prevent changes
The Continuum GRC SaaS solution is a role-based system and administrators provision access to any project in the system. Completed projects are archived in Read-Only mode including attachments.
Ability to identify content such as Personally Identifiable Information (PII), Personal Health Information (PHI), or Sensitive Security Information (SSI) that must be protected from public disclosure
The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers such as PHI, PII and others. Users, examiners and administrators can also use regular expressions to search for, or search for and replace, content.
Ability to add additional identifying information beyond title to each attachment
The Continuum GRC SaaS solution provides a feature for tagging of datasets with identifiers. Additionally, native document functionality allows for the inclusion of metadata which is supported by the file management capabilities of the system.
Ability for multiple users to collaborate for document creation and editing
The Continuum GRC SaaS solution is purpose-built for managing multi-team and multi-user projects. Integral to the system is an anti-collision capability that prevents users from “stepping on each other’s toes” utilizing our socket technology. Other users can see in real-time who is updating a form field and when they are completed.
Preparer signoffs
The Continuum GRC SaaS solution provides digital signature capabilities within the system.
Reviewer signoffs, multi-level
The Continuum GRC SaaS solution provides digital signature capabilities within the system to include any number of signatories.
Controls to prevent reviewing document they prepared
The Continuum GRC SaaS solution provides functionality to manage the read-write permissions on data. This is controlled by the administrators, either through simple permissions or through form logic when processing datasets.
Ability to provide reviewer comments and receive response from preparer prior to reviewer sign-off and retain those comments
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations.
Ability to provide peer-to-peer comments
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations. Additionally, all forms may have peer-to-peer fields for the entry of comments that may be hidden from anyone without permissions to view them.
Ability to identify changes made after supervisory review
The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. Additionally, the Audit Mode feature prevents changes by locking the dataset into a read-only mode.
Ability to reference auditor/evaluator write-ups to supporting documentation
The Continuum GRC SaaS solution provides indexing of supporting documentation directly associated to an evaluation. The upload form elements make this easy and intuitive.
Ability to link documentation to work papers created within software as well as attachments including Word, Excel, and Acrobat documents (to the documents themselves and to specific locations within the documents)
The Continuum GRC SaaS solution provides indexing of supporting documentation such as Word, Excel, and Acrobat directly associated to an evaluation. The upload form elements make this easy and intuitive. Additionally, our patent pending auto-mapping technology allows for cross associations to other projects and data sources.
Ability to efficiently handle large number of references within individual documents and across the audit file
The Continuum GRC SaaS solution provides indexing of supporting documentation such as Word, Excel, and Acrobat directly associated to an evaluation. The upload form elements make this easy and intuitive. Additionally, our patent pending auto-mapping technology allows for cross associations to other projects and data sources.
Ability for staff not participating in audit to review and verify cross-indexed references of all statements of fact within draft and final reports created in MS Word
The Continuum GRC SaaS solution provides native output support for Word and Excel. All stages of a project through draft and approved production are managed through the system workflow.
Ability to add visual cues indicating independent reference has verified that indexed evidence supports each statement of fact (e.g., tick marks)
The Continuum GRC SaaS solution provides the Status Indicator feature that visually indicates the disposition of a project requirement. Additionally, the project or module templates may have additional checkboxes to represent this requirement.
Ability to utilize reviewer tools for feedback and sign-off
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Only administrators may delete these conversations. Additionally, all forms may have reviewer fields for the entry of feedback that may be hidden from anyone without permissions to view them. The Status Indicator feature also visually indicates the disposition of a project requirement.
Ability to identify changes made to document after IREF exits document (not marked reviewed)
The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review.
Ability for audit team to see issues identified while IREF works in the document (i.e., comments or reviewer notes)
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary.
Ability to track progress of IREF
The Continuum GRC SaaS solution provides the Status Indicator report feature allowing for easy progress reporting.
Ability to segregate audit findings issued in the draft report and those in the final report
The Continuum GRC SaaS solution provides a versioning feature that would allow for the segregation of report versions easily. Additionally, the Status Indicator report allows for separate reporting on all versions of the project report.
Ability to document changes to audit findings between draft report and final report stages
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. Additionally, the Action ITAM report allows for separate reporting on all versions of the project report.
Ability to indicate if an audit finding was dropped or changed following the draft report stage.
The Continuum GRC SaaS solution provides the Action ITAM and the Status Report visual features to support this requirement. Additionally, the project or module templates may have additional checkboxes to represent this requirement.
Ability to create recommendations based on audit work
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary.
Ability to create custom fields for findings and recommendations to support tracking and reporting requirements (minimum of 5 monetary fields, 4 date fields, 7 selectable-text fields)
The Continuum GRC SaaS solution provides a drag-and-drop easy form builder tool to completely customize any form, questionnaire, or module.
Ability to mark recommendations for reporting (i.e., for tracking or information only)
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Ability to track recommendations from migrated projects, including reporting
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Status indicator for each recommendation (e.g., unresolved, resolved, closed)
The Continuum GRC SaaS solution provides the Status Indicator feature that indicates unaddressed (gray), unresolved (red), resolved (yellow) and closed (green) indications.
Ability to update recommendation status, including target action dates, and attach additional supporting information
The Continuum GRC SaaS solution is completely interactive allowing for real-time status changes, monitoring of project dates, workflow requirements for tasks or additional information, and a host of many other supporting features.
Ability to document auditee response to recommendations received in response to the draft report.
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Ability to export open and/or closed recommendations as a dashboard for web-presentation.
The Continuum GRC SaaS solution provides the Action ITAM feature allowing for collaborative commentary. The Action ITAM report is designed for this purpose.
Ability to quickly locate documentation within a project using text-based search of labels and contents
The Continuum GRC SaaS solution provides a full-featured document management capability allowing for searchable attributes such as tags, labels, content, and typical file names.
Support for rich text formatting of text
The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the pasting of external data and the use of rich-text formatting tools as needed.
Support for Copy/Cut/Paste
The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the copy-cut-pasting of external data and the use of rich-text formatting tools as needed.
Support for inline and on-demand spell check, with editable dictionary
The Continuum GRC SaaS solution provides support for a variety of browser-based spelling and grammar checking tools to include editable custom dictionaries.
Ability to create and format tables
The Continuum GRC SaaS solution provides the Paragraph form field element that is rich-text capable. It allows for the creation and formatting of dynamic tables as needed.
Support for tracking of changes
The Continuum GRC SaaS solution provides the Status Indicator feature that automatically changes visually to alert reviewers of any change that may have occurred after a review. The Status Indicator report allows for dashboards and a variety of change reports.
Ability to create work papers and add support offline
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Ability to cancel offline items locked by users that may no longer be using them
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Process to synchronize offline changes to database
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Ability to review and resolve conflicts from offline production
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Controls to prevent unintentional overwrites by conflicting offline changes
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Ability for peer review access of entire audit file without access to the organization's network
As a FedRAMP Authorized SaaS solution, this requirement would not be applicable.
Easily accessible reports for staff indicating completion and review status
The Continuum GRC SaaS solution provides online viewing of any variety of reports in both document formats and graphic dashboards.
Visual reminders for pending deadlines and open items
The Continuum GRC SaaS solution provides the Action ITAM feature that provides dashboard views, document notifications and email alerts for deadlines and action items.
Access items directly from dashboards
The Continuum GRC SaaS solution provides a variety of purpose-created dashboards all allowing for direct linkages to project data.
Visual representation of open and/or closed recommendations
The Continuum GRC SaaS solution provides the Action ITAM feature that provides dashboard views, document notifications and email alerts for open and/or closed items.
Ability to create notifications within the system for user-defined triggers such as pending deadlines, review status, recommendation dates, and required actions
The Continuum GRC SaaS solution provides native functionality for notification triggers, rules and workflow events which are defined by administrators.
Ability to create e-mail notifications based on user-defined triggers
The Continuum GRC SaaS solution provides native functionality for email notification triggers, rules and workflow events which are defined by administrators.
Ability to generate reports across entire database and within specific projects
The Continuum GRC SaaS solution provides a patent pending feature referred to as Nest Entities allowing for the cross-entity or cross-dataset viewing and reporting of projects.
Ability to create standard reports for tracking milestones — initial and revised dates compared to actual
The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators, and other tools address this requirement.
Ability to automate creation of required reports such as a Semi-annual Report (SAR)
The Continuum GRC SaaS solution provides custom report document generation. There is no limitation on the required outputs, which may be produced in Word, Excel, PDF, CSV and text formats.
Ability to create standard reports for tracking recommendations — initial and revised dates compared to actual
The Continuum GRC SaaS solution provides extensive project management features to report on and track project phases and success metrics along the way. Features such as real-time Gantt charts, Action ITAM reporting, Status Indicators, and other tools address this requirement.
Ability to automate creation of draft and final reports. Preference that reports are 508 compliant.
The Continuum GRC SaaS solution provides excellent 508 compliance. There are no known limitations with this requirement.
Ability to generate time and expense reports based on criteria such as user, project, or specified groups
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Ability to generate reports on any database field
The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity of reporting options.
Ability to create ad hoc reports and queries
The Continuum GRC SaaS provides many ready-made reporting dashboards that dynamically update. Our reporting dashboards have hundreds of options that allow for extreme granularity of reporting options.
Ability for staff to report time and expenses on a biweekly basis
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Ability for staff to charge time to non-project codes (e.g., sick leave, annual leave, award leave, holiday leave, etc.)
The Continuum GRC SaaS solution has a native drag-n-drop form builder tool that allows administrators to easily create any number or type of form templates the organization requires.
Workflow for supervisory review of all time and expense entries
The Continuum GRC SaaS solution has a variety of workflow tools designed to interface with multiple entry points within a project workflow. These can range from a simple Approval-Deny by designated examiners to hyper-granular, event-logic-driven workflow rules that are created easily with Boolean logic simplicity.
Ability to easily re-assign staff to a different manager for time and expense reporting
The Continuum GRC SaaS solution requires administrators to establish roles with granular permissions. The Entity container sets up groups that keep data separate. Users, Examiners and Administrators will have the access determined by designated Administrators.
Are there any other technology vendors that your product(s) integrate with?
- The Continuum GRC SaaS solution’s OpenAPI integrates with hundreds of solution providers.
- The Continuum GRC SaaS feature known as the Dynamic Data Integrator allows for the importation of external data sources, typically from legacy systems clients are migrating from to dynamically create system modules and automatically import large volumes of data.
- In the event that a unique API integration is required to connect to an external solution’s proprietary system, we create these. It generally takes one month to code and QA test the solution for general production viability. Some examples we have are Qualys Scanner, Saint Scanner, Tenable.IO, and others.
What problems are you solving? What are some government use cases for your product(s)?
Every business and organizational entity in the world must endeavor to eliminate risks that threaten them, their employees, and shareholders. Additionally, those industries have unique regulatory and industry compliance, audit, attestations, and authorizations they must be compliant with.
The Continuum GRC SaaS provides a FedRAMP Authorized and StateRAMP Authorized secure solution that enables the development of those readiness and program requirements; enables the independent evaluation of risk and compliance by assessment authorities calculating governance, risk, and compliance metrics, dashboards, and documentation during that phase; and facilitates the continuous monitoring and maintenance of these programs for their entire life-cycle.
Supporting 26 languages, the high degree of automation, integrations, and auto-mapping between the world's compliance frameworks provides an intuitive solution to our clients.
High-level overview of your products and solutions.
https://continuumgrc.com/videos/
The Continuum GRC is an agile, affordable risk assessment and compliance management automation solution and is the only global platform authorized for both FedRAMP and StateRAMP requirements. Our Partner Program goal is to drive new business and be more efficient for partners across all verticals of business anywhere across the globe.
Continuum GRC is a collaborative and cost-effective audit & compliance, risk assessment & risk management, and policy & governance development solution that helps our partners be cost-effective.
Auto-mapped standards, automated documentation, real-time status, risk & maturity offerings work across all of the audits, regulatory and risk frameworks in 26 languages saving time and money.
Continuum GRC reduces manual labor by 55% on average, with some tasks such as maintaining multiple frameworks by an astounding 100%.
Enterprise security, dynamic dashboards, document generation, integrations, and connectivity for advanced collaborations.
Automation and creative tools along with Blockchain Chain-of-Custody evidence management for auditors.
Controls must ‘live’ within the system, and it must be possible to link to other modules (e.g. risks and audit findings), and send out self-assessments
The Continuum GRC SaaS is a full-featured risk assessment & risk management, compliance assessment & compliance management, policy development & policy management system for the enterprise.
Controls would have various elements such as frequency, priority, control type, owner, evidence of operation for each cycle and reference to a risk and policy
Continuum GRC has native functionality for workflows, notification logic, and schedulers.
Controls can be assigned to local owners in the system
Continuum GRC has native functionality for delegation and assignment workflows.
Ability to add multiple control frameworks some created and managed internally (e.g. in house FCAR, ITCAR, MITCAR) and some external (e.g. NIST CSF) against sites/entities/IT applications
Continuum GRC currently supports more than 85 of the world's frameworks, as well as internally developed frameworks.
Self-assessments can be downloaded blank (as well as when completed)
Continuum GRC has native functionality for exporting any state of a self-assessment.
System must be able to handle the fact we are a global business with multiple entities (e.g. Global, Regional, Sector, Function) and users working regionally/globally. IT applications would also be considered an entity or asset against which multiple controls or control sets could be applied.
Continuum GRC has native functionality for the separation of different groups, entities, divisions, users, companies, etc. through our Entity feature.
Evidence of control performance can be uploaded from multiple sites at varying frequencies (i.e. the same control is applicable to 40 sites and all can load evidence quarterly)
Continuum GRC has native functionality for evidence management from a variety of sources including locally attached, automated integrations, and other inputs.
Results of audit work can be linked to entities/sites (inc. IT applications) and logged against controls and risks
Continuum GRC has native functionality for organizing findings with control requirements and risks.
Separate boxes for audit findings/issues and the actual action
Continuum GRC has native functionality for issue remediation tracking and workflows.
Ability for admins to change the risk rating of an action in the system
Continuum GRC has native functionality for Admins to modify any parameter of an assessment module. Examiners are able to change the risk status of the assessment inputs.
System can link to other data sources common input sources (e.g. SAP, excel) to support control monitoring and is able to extract data for reporting purposes OR provide appropriate reporting solution in system.
Continuum GRC has native functionality for integrating with a variety of external data sources. Additionally, our Dynamic Data Integrator will intake external CSV and Excel documents easily.
User access can be viewed by certain user groups (and not just admins)
Continuum GRC has native functionality for Admins and Examiners (a role like an auditor or manager of a user group) to do this.
Risk scoring/categorisation mechanism can be tailored to fit with risk frameworks (and can be updated if we want to change the framework at a later date)
Continuum GRC has native functionality for tailoring all parameters without programming changes. We also provide a creation tool for complete customizations.
Local risks can be shared across site risk registers / baseline controls (i.e. risk of major explosion) to drive consistency
Continuum GRC has native functionality for auto mapping between control requirements and this includes status and risk.
System must be able to hold and report on risk appetite scores and link them appropriately to component risks including highlighting where risk appetite is outside tolerance by site/entity
Continuum GRC has native functionality for displaying risk scores and heatmap style dashboards making it easy to focus on risk priorities.
Consider possibility of auto-generation of regional risk registers based on highest scoring risks in local site registers (with ability to add additional risks on strategy etc)
Continuum GRC has native functionality for displaying risk across many entities, areas, or other grouping based display requirements.
System has a full audit trail that is accessible by admins as a minimum
Continuum GRC has native functionality for detailed audit logging and reports that are accessible to Admins and Examiners; however, none have the ability to alter these records.
Speed – system must be responsive in a timely manner
Continuum GRC SaaS is designed for responsive interfaces.
System must be configurable to requirements without the need for bespoke coding/heavy customisation
Continuum GRC has native functionality for a plethora of powerful customization features none of which requires any coding.
Continuous Controls Monitoring (CCM) capabilities – i.e. ability to run reports for sites to assess control performance; standard reports generated where controls not performed.
Continuum GRC has native functionality for scheduled and on-demand reporting, hundreds of real-time dashboards are available.
Ability to classify certain controls as key controls – thinking ahead for Sox implementation
Continuum GRC has native functionality that allows for custom tagging, classifications and groupings without coding.
Repository to store process documentation, user guides, training, manuals etc
Continuum GRC has native functionality for encrypted file management, document management, and policy management, protected with a private blockchain-based evidence management system.
As well as local control owners in the system – have a process owner role.
Continuum GRC has native functionality for role-based access and delegations.
To be able to add user defined controls in cases where risks are not covered by existing suite of controls – given the duplication issues in the Hive we should have an approval process (preferably the process owner) before a user defined control can be added.
Continuum GRC has native functionality for the creation and modification of all control frameworks and custom frameworks.
Workflow for controls that require multiple performers i.e. preparer and reviewer
Continuum GRC has native functionality for many levels of workflow.
Automated workflow with notification of upcoming assigned tasks (including execution of a control) being due, configurable reminders, and escalation for any task / action that has gone overdue by a defined time limit
Continuum GRC has native functionality for a multitude of workflow triggers to notify, schedule, update, and more.
Able to group sites/entities into multiple logical groups (e.g. Regional Field to group sites into their respective regions for actions and risks)
Continuum GRC has native functionality for an Entity which is a grouping of resources and users that may be many layers and many separations.
Must be able to define different site types and ability to retain and save the controls attributed to each site type rather than repeating this exercise annually (e.g. Manufacturing Site, Sales Site, GMP site)
Continuum GRC has native functionality for site administrators to separate site types in our Entity feature.
Standard risk registers, by site type/asset (e.g. a manufacturing site, a sales office, an Incotec site, an IT Application, Database or Operating system etc)
Continuum GRC has native functionality for standard risk registrations with separation by Entity site type.
Ability to differentiate risks as current or emerging
Continuum GRC has native functionality for modifying with our Form Builder tools any module, form, or questionnaire in the system with drag-n-drop ease. This could be as simple as adding a multichoice field to an existing form.
Ability to show the velocity score of risks
Continuum GRC has native functionality for showing velocity as a percentage of total risk and as a separate value.
A field showing the date when the audit action was added to the system
Continuum GRC has native functionality for a variety of audit trail displays including change date data.
A field showing the date when the audit action was closed
Continuum GRC has native functionality for modifying any module, form, or questionnaire in the system with our Form Builder tools, with drag-n-drop ease. This could be as simple as adding a multichoice field to an existing form.
Single Sign On capability to Active Directory
Continuum GRC has native functionality for SAML connections to AD and other authentication management systems.
Ability to upload multiple files as supporting evidence in PDF and standard Microsoft formats, Word, Excel, Outlook emails
Continuum GRC has native functionality for the uploading, editing, and management of these file types.
Ability to have different levels of access across the modules (e.g. risk register owners, site owners, control owners, reviewers, approvers) and comprehensive reporting capability
Continuum GRC has native functionality for role based delegation to all system resources.
Ability to copy and paste from and into fields
Continuum GRC has native functionality for Rich Text fields supporting this requirement.
Ability to hold risks in risk registers
Continuum GRC has native functionality for the creation of any type of form. Our Risk Registry module accomplishes this, but may also be modified without coding.
Ability to hold actions with owner, raised date, detail and due dates against controls and risks.
Continuum GRC has native functionality known as an Action ITAM that serves this purpose.
Ability to add, edit and delete sites (a site being a logical unit at which risks, audits and controls can be managed against)
Continuum GRC has native functionality for Administrators to easily accomplish this.
Ability to export risk register to excel
Continuum GRC has native functionality for the exportation in Excel among several other file types.
Ability to filter across all fields
Continuum GRC has native functionality for advanced data searches and filtering.
Ability to reference each risk by its own reference number
Continuum GRC has native functionality for reference numbers with our Record ID field element ticketing features.
Ability to delete/archive/edit risks
Continuum GRC has native functionality for real time modifications to all data sets in production, or in archive.
Have multiple risk registers across the group
Continuum GRC has native functionality for Administrators to easily accomplish this.
Ability to configure system to align with risk framework
Continuum GRC has native functionality for easy creation of custom frameworks and the modification of standard frameworks with drag-n-drop ease.
Ability to type free text
Continuum GRC has native functionality for this requirement.
Ability to score a risk (both Pre/Post control) with likelihood and impact then multiply for final risk score
Continuum GRC has native functionality for showing before and after as a percentage of total risk.
Ability to have a checker to see who last edited the actions and risks
Continuum GRC has native functionality for both Examiners and Admins to review audit logs for everyone in the system.
Change management process/audit logs when making updates to the system.
Continuum GRC has native functionality for both Examiners and Admins to review audit logs for everyone in the system.
Ability to see when the actions and risks were last updated
Continuum GRC has native functionality for both Examiners and Admins to review audit logs for everyone in the system.
Ability to save risk as draft
Continuum GRC has native functionality for draft, then final, then archive versions.
Ability to view Generic Risk List
Continuum GRC has native functionality for any type of form to be created. Our Form Builder tools allow the Admin to easily create anything.
Ability to add a Generic Risk
Continuum GRC has native functionality for any type of form to be created. Our Form Builder tools allow the Admin to easily create anything.
Ability to have drop down lists for each box when required
Continuum GRC has native functionality for any type of form to be created. Our Form Builder tools allow the Admin to easily create anything.
Ability to filter audit actions
Continuum GRC has native functionality for advanced data searches.
Ability to export Action List to excel
Continuum GRC has native functionality to export audit logs and many other data attributes to Excel.
Ability for admins to edit/delete actions
Continuum GRC has native functionality to prevent the tampering with audit logs.
Ability of admin to add a new audit action
Continuum GRC has native functionality for workflows to include audit actions to forms and modules. If this requirement is to add to the system audit logging, that would require a development ticket.
Ability to have pre set drop down lists
Continuum GRC has native functionality in the Form Builder tooling for this requirement.
Ability to free type own description
Continuum GRC has native functionality in the Form Builder tooling for this requirement.
Ability to automate colours depending on whether an action is overdue
Continuum GRC has native functionality for assigning scores to our color palette.
System admin- use same account for everything (main role/action role/ risk workflow role)
Continuum GRC has native functionality for role based access to address this requirement.
Ability to export Access Lists
Continuum GRC has native functionality in the Access Manager for this requirement.
Ability to add/edit users for admins
Continuum GRC has native functionality in the Access Manager for this requirement.
When editing/adding users have an assignment capability that allows users to be granted rights (read, update, etc) to multiple entities (e.g. sectors/functions/regions)
Continuum GRC has native functionality in the Access Manager for this requirement.
Admin- ability to change user details e.g. password
Continuum GRC has native functionality in the Access Manager for this requirement.
Admin- ability to make a user inactive
Continuum GRC has native functionality in the Access Manager for this requirement.
Admin- ability to see all the roles a user has
Continuum GRC has native functionality in the Access Manager for this requirement.
Admin- ability to bulk edit
Continuum GRC has native functionality for certain bulk actions. More information is needed to better define this requirement.
Ability to see and report on what role access you have
Continuum GRC has native functionality in the Access Manager for this requirement.
Ability to have a risk category manager
Continuum GRC has native functionality to easily assign roles.
Ability to add/edit/delete (entities) sites for admins
Continuum GRC has native functionality in the Access Manager for this requirement.
Ability to apply people organisation structure to a site/entity structures (e.g. right people have access to appropriate sites)
Continuum GRC has native functionality in the Access Manager for this requirement.
Ability to add FCAR, MITCAR, e.g. to site (FCAR, ITCAR, MITCAR being a set of defined controls applicable to a specific site)
Continuum GRC has native functionality in the Form Builder tooling for this requirement.
Able to measure risk impact in qualitative and/or quantitative terms
Continuum GRC has native functionality for showing risk as a percentage of total risk and displaying real-time values in various dashboards. We are not using traditional formulas for this feature.
Ability to send out an automated email to task/action owners including periodic reminders with upcoming deadlines
Continuum GRC has native functionality for notification logic, triggers, and workflows.
Ability to bring up a calendar when entering a date and quick click the date
Continuum GRC has native functionality for this requirement.
Ability to filter against (exclude)
Continuum GRC has native functionality for advanced data searches.
Automated log out when inactive
Continuum GRC has native functionality for setting timeouts by the site administrator.
Be able to have a desired end state risk position e.g. pre controls we have a rating of 30, post control it's 24 but desired state is 12. The risk treatment plan should then be moving us towards that level of risk.
Continuum GRC has native functionality for scoring a single element within a range of -999 up to 999 with color palette assignments based on score. This provides options for this requirement.
Be able to link a defined control to an industry standard control from multiple frameworks e.g. ISO27001, NIST CSF, COBIT
Continuum GRC has native functionality for Auto Mapping between standards. This also includes custom modules created by site Admins.
Be able to demonstrate state of compliance of controls against multiple standard frameworks e.g. ISO27001, NIST CSF, COBIT
Continuum GRC has native functionality for supporting all of the aforementioned standards and hundreds more. Additionally, all of our standards auto map, meaning the system exponentially saves work and prevents human error.
Ability to record and track Key Risk indicators (KRI) or KPI against risks and controls
Continuum GRC has native functionality for displaying these metrics in dashboards and report outputs.
Ability to store group policies and documentation including lifecycle management (draft, review, publish) with the ability to publish to external sources such as SharePoint
Continuum GRC has native functionality for Policy and Document management in the system. The full life-cycle inside the system. System outputs and integrations allow for publishing to external systems.
Ability to have risk appetite and risk tolerance scores
Continuum GRC has native functionality for Admins to design their own forms and apply their own scores easily.
Ability to have parent child risk relationships with some logic checking e.g. Cyber Risk may have multiple component risks that require managing separately and for logic for example the child risk cannot be greater than the parent risk.
Continuum GRC has native functionality for logic driven forms, scores, and workflows to be established by the site Admin.
Audit delivery: Ability to create and approve an audit terms of reference (e.g. scope) within the system.
Continuum GRC has native functionality for form-driven workflows that support this requirement.
Audit delivery: Ability to draft an audit report within the system including an executive summary, overall report rating and individual finding risk ratings (commentary on findings, recommendations, risks etc, risk linked to controls), optionally suggest actions and submit the draft for management responses, management responses are then reviewed and approved and actions can be automatically added to the system with identified owner and due date. Ability to publish the report to multiple stakeholders and extract the report to Word or PowerPoint.
Continuum GRC has native functionality for all of these requirements. Form driven workflows and document and report generation are all fundamental features.
Ability to link policies to risks to controls throughout the system
Continuum GRC has native functionality for designing forms that directly associate evidence and policies to controls. This is simple functionality integral to the system.
Be able to record whether a risk affects the C,I,A of a system per ISO27001 Clause 6.1.2c)1): The organization shall define and apply an information security risk assessment process that: c) identifies the information security risks: 1) apply the information security risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system;
Continuum GRC has native functionality as a form driven system. Every form regardless if it is from our inventory or designed by the site admin has the capability to capture this requirement.
Ability to have a single control support multiple control frameworks (e.g. operate a control once apply to multiple sites/entities/IT applications as appropriate) rather than execute the same control multiple times
Continuum GRC has native functionality for auto mapping between frameworks in real time. Every framework in our inventory does this without any additional configuration work. Also, an admin can use our form building tools to create something proprietary and have it also leverage auto mapping between frameworks and forms.
Comprehensive dynamic reporting capabilities and trending over customisable date ranges on actions, risks and controls at a minimum at site/entity/IT application levels to be used by the Group Risk and Assurance team for monitoring
Continuum GRC has native functionality for hundreds of dashboard reports from the micro to the macro that all update in real time.
Comprehensive dashboard capabilities allowing actionable information appropriate to the role within the system. (e.g. Site owner can see key risks, failing controls, audit actions and any escalations, upcoming due items)
Continuum GRC has native functionality for providing several system indications, dashboards, logic notifications and reports that are all role based assigned.
Comprehensive executive level reporting/trending which can be used to present at senior Risk Committee, Audit Committee (e.g. enterprise level risk reporting)
Continuum GRC has native functionality for displaying executive dashboards, summary reports, summary notifications and a plethora more.
Dynamic dashboard and report of controls by logical grouping (e.g. site/entity/IT application/control framework) showing current status - (e.g. effective, ineffective, overdue) and % compliance (essentially an on demand status assessment)
Continuum GRC has native functionality for an Entity which is a grouping of resources and users that may be many layers and many separations.
Capability to manage enterprise/site/function Business Continuity Management
Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using the integrated form builder with drag-n-drop ease.
Capability to manage enterprise Crisis Management
Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using the integrated form builder with drag-n-drop ease.
Capability to manage enterprise HSE (Health Safety Executive)
Continuum GRC has native functionality for any process-driven, form-driven requirement and leverages a full suite of automation tools. This requirement may be easily created using the integrated form builder with drag-n-drop ease.
Capability to manage enterprise ESG (environment sustainability governance)
Continuum GRC has native functionality for any framework. We provide many pre-configured modules in our inventory. We also support all others including proprietary ones. This requirement may be easily created using the integrated form builder with drag-n-drop ease.