Our software makes life easy for
every information security manager
within an organization
GRACI is a software platform for Governance, Risk Management, Auditing, Compliance and Security Incidents within an organization.
GRACI Core Modules
Analyze and document your security, third-party and business risks easily with GRACI and get an up-to-date risk register in real time.
Simplify the work of your internal and external auditors by centralizing evidence and sending alerts to key stakeholders.
Define your standards (e.g., ISO/IEC 27002) and security requirements and match security controls to identify compliance gaps.
Record and manage security incidents and report on the status of incidents in your organization while improving your pro-activity.
Information Security Governance
GRACI helps you document and maintain your current or planned security policies, guidelines and controls, as well as the security standards and best practices adopted by your organization. Information security officers (eg, ROSI, RSI, CISO, CISO, etc.) can quickly have a state of health security within their organization.
A state of health covering the aspects of security checks, risks, compliance and incidents.
Risk Management
GRACI helps you document and maintain security risks in your organization. These risks can be identified during security analysis and assessments. Key stakeholders in the risk management process can connect to the platform to record or modify risks. The platform also has features to define the risk criteria
Audit and Compliance Management
GRACI allows you to record all authoritative documents to which your organization is subject and then to observe compliance discrepancies. You have the opportunity to know what your level of compliance is compared to an authoritative document. Authoritative consent may be a standard (eg ISO / IEC 27002), a policy, a directive, a registry of security requirements.
Incident Management
GRACI helps you document and maintain security incidents that occur in your organization. At any time, the Incident Management Officer may have an inventory of security incidents and the status of such incidents.
