SMACK GRC Requirements

Whether you are trying to achieve compliance with SOX, PCI DSS, GDPR, NIST or any other standard, SMACK GRC can meet your requirements, helping you to ensure that your organization's risks are well managed and compliance position clearly understood.

Requirements for GRC

Sarbanes Oxley, SOX

  • SOX has evolved over the last number of years as the regulators, businesses and auditors have matured. Never has it been more important to ensure that evidence for the operation of controls is clear.
  • Monitor your controls compliance in real time, so you do not have to wait and rely on the auditors alone to tell you whether or not you are compliant. Use checklists within the controls management functionality to ensure that control operators are performing each essential part of key controls, especially "review" controls.
  • Manage and monitor remediation of failed controls in real time.
  • Powerful, dynamic multi-dimensional reporting. Pre-built dashboards and reports; see the standing of controls by location, regulatory requirement, vendor or system profile, control domain, etc. Build your own custom reports.
  • Fully configurable. Each organization has different needs when it comes to controls management. It is easy to add new fields, or to add to or change the functionality according to your organization's needs.

Data Privacy, GDPR, HIPAA

  • Data privacy laws are becoming ever more complex as each jurisdiction puts its own version of data privacy laws and consequences for breaches in place. Just check out the latest Baker McKenzie 2018 Global Privacy Handbook, which outlines requirements of laws in more than 50 countries, including GDPR, California state law, HIPAA, Privacy Shield, etc.
  • In order to avoid prosecution, fines and penalties, it is critical that controls are operating effectively to ensure that only those authorized are able to see personal data, sensitive personal data, employee personal data, data belonging to minors, etc. It is also important to track the handling of any potential data privacy incidents and perform Privacy Impact Assessments as appropriate for system and process changes. (Functionality coming soon, or quickly build your own)
  • Powerful, dynamic multi-dimensional reporting. Pre-built dashboards and reports; see the standing of controls by location, regulatory requirement, vendor or system profile, control domain, etc. Build your own custom reports.
  • Fully configurable. Each organization has different needs when it comes to controls management. It is easy to add new fields, or to add to or change the functionality according to your organization's needs.

PCI DSS

  • PCI compliance is not easy to achieve with the breadth of more than 200 required controls.
  • Monitor your controls compliance in real time, so you do not have to wait and rely on the ISA or QSA assessors alone to tell you whether or not you are compliant.
  • Use checklists within the controls management functionality to ensure that control operators are performing each essential part of key controls.
  • Additionally, it is important to track the monitoring of POS devices for tampering. This can be a monumental task and difficult to manage, but can be monitored easily using SMACK GRC.
  • Powerful, dynamic multi-dimensional reporting. Pre-built dashboards and reports; see the standing of controls by location, regulatory requirement, vendor or system profile, control domain, etc. Build your own custom reports.
  • Fully configurable. Each organization has different needs when it comes to controls management. It is easy to add new fields, or to add to or change the functionality according to your organization's needs.

Cyber Security, NIST Cyber Security Framework, NIST SP 800-53, ISO 27001, ISO 27002, etc.

  • Keeping track of the existence and operation of cyber controls has never been more important.
  • Use the Controls Assessment functionality to gather information from third parties and internal control owners alike to get an efficient view of the cyber security control environment. This entails setting up the assessment and then sending it to the persons responsible for the operation of those controls. Upon completion, the assessment can then be reviewed by internal cyber security personnel to gain any additional understanding required.
  • Powerful, dynamic multi-dimensional reporting. Pre-built dashboards and reports; see the standing of controls by location, Cyber Control Area (NIST, ISO27k, etc.), regulatory requirement, vendor or system profile, control domain, etc. Build your own custom reports.
  • Fully configurable. Each organization has different needs when it comes to controls assessments. It is easy to add new fields, or to add to or change the functionality according to your organization's needs.

Configurable and flexible requirements solution

SMACK GRC is built on the popular Quick Base platform, which is used by more than half of the Fortune 100. Because SMACK GRC is built on Quick Base, you will have full control to configure SMACK GRC for your unique requirements. This includes not only your own branding and colors, but also reports, fields, drop-down values, automation and notifications. You can also add whole new modules to SMACK GRC quickly and easily. SMACK GRC is fast to implement, includes dynamic reporting and has valuable functionality which is missing in those products offered by competitors.

Reach out for a free demo

We offer a no-obligation demo. Just fill out the form on the next page and a representative will be in touch.
