Comprehensive, platform-based solution enables scalable and integrated approach to governance, risk, and compliance management
HOUSTON, Oct. 15, 2012 – Datacert, Inc., the premier global provider of enterprise legal management solutions, announced the launch of Passport® GRC today at the 11th Annual SCCE Compliance and Ethics Institute in Las Vegas, Nevada. The latest application delivered on Passport, Datacert's patent-pending technology platform, Passport GRC provides companies with a comprehensive framework to support sustainable, proactive, and defensible management of their broad governance, risk, and compliance programs and integrates seamlessly with Passport Matter Management and Legal Spend Management, creating a closed-loop process between corporations’ legal and GRC functions.
Developed over the past 18 months in consultation with Datacert clients in North America and Europe, and in alignment with standards defined by the Open Compliance & Ethics Group (OCEG), a nonprofit "think tank" focused on GRC that has defined the de facto standards for a comprehensive global GRC framework, Passport GRC includes four integrated components that support all aspects of a company’s GRC program, including:
- Compliance Management – Allows companies to proactively manage and monitor updates to global regulations, policies, and controls to ensure compliance
- Risk Management – Allows companies to monitor and manage any type of risk (e.g., operational, market, geo-political, environmental, etc.) across all industries, geographies, and functional domains and provides a central place to identify and categorize risks, conduct assessments, and manage corrective actions
- Internal Audit Management – Provides a central place to manage audits and controls assessments, identify potential compliance gaps, and provide a history of compliance
- Incident and Inquiry Management – Provides a central place to triage incidents, losses, issues, and inquiries, manage investigations, and implement corrective action plans to mitigate future incidents or losses
All of these components are consolidated on a single platform and share a common database, workflow engine, and business intelligence engine, allowing information to be easily shared across the different functional areas and providing critical visibility across all aspects of companies' GRC initiatives. The shared audit engine provides a single system of record for tracking and auditing all compliance and risk-related activities and maintains an auditable history of "point-in-time" regulations and their related policies and controls to allow corporations to validate and demonstrate historical compliance.
"Corporations, particularly global ones, struggle with an ever-changing array of laws and regulations that govern what they do and how they do it and face a myriad of risks that drive deep into enterprise operations and processes. Organizations are challenged to effectively respond and manage processes for assessments and incidents when they do occur," said Michael Rasmussen, J.D., OCEG Fellow, and founder of Corporate Integrity, a leading GRC strategy advisory firm. "Today, most organizations manage these challenges in a disjointed, and often ad hoc, fashion that creates silos of information and huge inconsistencies that actually serve to increase risk exposure, and result in inefficiencies that greatly increase overhead. Datacert's approach to solving this problem by consolidating GRC processes and information into a cohesive technology architecture allows companies to reduce the overhead of managing this information and better mitigate risk."
While highly integrated, the Passport GRC components – Compliance Management, Risk Management, Internal Audit Management, and Incident and Inquiry Management – are also modular, allowing companies to select the components they need to address their most pressing requirements and expand the system with additional components as needs grow. This means companies can lay the groundwork for a comprehensive and integrated enterprise-wide GRC program while focusing on early-stage GRC efforts. In addition, because Passport GRC was built on the Passport platform, clients can use the platform toolkits, such as the Passport Designer Toolkit, to configure and evolve the solution over time to address changing regulations, new business situations, new geographies, and other changing requirements.
"The regulatory and business landscapes are constantly evolving," said Rasmussen. "The fact that Passport allows companies to adapt their GRC system to keep pace with these changes makes it a very powerful asset for corporate compliance and risk officers."
As an extension of Datacert's Passport enterprise legal management solution suite, Passport GRC also integrates seamlessly with Passport Matter Management and Legal Spend Management, supporting the inherent link between corporations’ GRC and legal department activities. This integration is designed to streamline communication, information-sharing, and cost management for compliance issues that eventually become legal matters, and create a closed-loop process that provides visibility into the true cost of non-compliance. For example, final outcomes (e.g., judgments, damages, and legal costs) of litigation resulting from compliance incidents are captured by Legal in Passport Matter Management and shared with Passport GRC, providing compliance and risk staff with valuable data about the real costs of compliance breaches and ongoing risk exposure to the organization.
"The goal of Passport GRC was to break down silos and create visibility and new lines of communication across a company's GRC initiatives and beyond," stated Shaheen Javadizadeh, vice president product management and strategic markets, Datacert. "Connecting the legal and GRC functions in this fashion provides valuable insight into risk exposure, helps guide risk prioritization, and facilitates comprehensive reporting to the board of directors."
To learn more about the Passport GRC, or other Passport solutions, please call +1 800-780-3681 or e-mail firstname.lastname@example.org (North American inquiries) or email@example.com (international inquiries).