GRC Tool Implementation

Review existing tool, or provide ZenGRC is none exists

Perform administrative functions

• User management

• Tool configuration

• Storage configuration

Review/establish customer programs

Review/establish customer frameworks and objectives

Review/establish customer control entries and organization

• Reduce duplicate or overlapping controls

• Map controls to multiple frameworks if applicable

Establish recurring tasks/evidence collection

Provide auditor access if appropriate

Export control lists for audit purposes, includes control selection if appropriate

Export collected evidence for recurring items, may be all or a sample set selected by auditor

SPP does not interact with auditors and does not sit for interviews

Depends if hired to manage overall compliance (GNS)