IT service provider seeks complete GRC solution

IT project from: company from the IT industry (Germany)
Project no. 23/3031: finished
Your contact person for this research
Mr. Dipl.-Ing. Olaf Kram
olaf.kram@softguide.de

We are an internationally positioned IT service provider (software, provision of data centers) and are looking for a complete GRC solution, preferably with a modular structure.

We have the following requirements:

  • Modular structure
    • ISMS - Information Security Management System
    • BCMS - Business Continuity Management System
    • DSMS - Data Protection Management System
    • ICS – Internal Control System
    • Compliance Management
    • Risk Management
    • DMS – Document Management
  • Support for the relevant standards such as ISO27001, KRITIS (with subsequent extension for NIS2), BSI-100/200, BAIT, MaRisk, ISO31000, ISO37301, DSGVO, ISO27701, ISO37301, ISO20000/ITIL if applicable, Cobit 5 or 2019 if applicable
  • Must be multi-client capable (creation of a security baseline for our group of companies and subsidiaries as clients using and, if necessary, extending this)
  • Must be adaptable to changes in standards
  • Adjustments to changing standards must be implemented by the provider
  • Must support internal audits and audits of our service providers
  • Must be able to generate reports for our customers (banks)
  • Must have a modern human-machine interface
  • Must be able to connect to other systems, such as the central ServiceNow, which represents the CMDB, if necessary
  • There must be suitable training for employees
  • Must have at least an English and a German language environment - other languages such as Spanish or Polish would be helpful
  • Must run on-premise
  • Preferably run on Linux

The approximate number of software workstations required is estimated as follows:

  • Document management system – currently up to 750 (the vast majority with read-only access)
  • The other six modules will primarily be managed by the respective specialist teams, meaning that between 5 and 20 employees are likely to access them (read and write access)

Based on the specific requirements, the following solutions can be considered:

Software / Company Functions Customizing OS
CRISAM® GRC 45 / 0
QSEC - GRC/ISMS, ISO 27001/BSI standard- IT protection, B3S and data protection 37 / 0
This list of results shows only a selection of the search results. We have found 18 more solutions.
Project statistics (quantity):

  • Selected solutions from our thematically relevant pool (221): 20
  • Solutions with high relevance according to corresponding feedback: 11
  • Communication between SoftGuide and providers (emails, telephone): 75