We are an internationally positioned IT service provider (software, provision of data centers) and are looking for a complete GRC solution, preferably with a modular structure.
We have the following requirements:
- Modular structure
- ISMS - Information Security Management System
- BCMS - Business Continuity Management System
- DSMS - Data Protection Management System
- ICS – Internal Control System
- Compliance Management
- Risk Management
- DMS – Document Management
- Support for the relevant standards such as ISO27001, KRITIS (with subsequent extension for NIS2), BSI-100/200, BAIT, MARisk, ISO31000, ISO37301, DSGVO, ISO27701, ISO37301, ISO20000/ITIL if applicable, Cobit 5 or 2019 if applicable
- Must be multi-client capable (creation of a security baseline for our group of companies, which the subsidiaries, as clients, use and, if necessary, extend)
- Must be adaptable to changes in standards
- Adjustments to changing standards must be implemented by the provider
- Must support internal audits and audits of our service providers
- Must be able to generate reports for our customers (banks)
- Must have a modern human-machine interface
- Must be able to connect to other systems, such as the central ServiceNow, which represents the CMDB, if necessary
- There must be suitable training for employees
- Must have at least an English and a German language environment - other languages such as Spanish or Polish would be helpful
- Must run on-premise
- Preferably run on Linux
The approximate number of software workstations required is estimated as follows:
- Document management system – currently up to 750 (the vast majority with read-only access)
- The other six modules will primarily be managed by the respective specialist teams, meaning that between 5 and 20 employees are likely to access them (read and write access)