KnowBe4’s New GRC Platform Takes the Bite out of Risk Management
November 2018 by Marc Jacob
KnowBe4 announced that it has released a new, updated SaaS-based GRC platform featuring compliance management, policy management and risk management.
Most organisations leverage spreadsheets, documents and/or collaboration portals, as well as email threads and individual calendars to manage their GRC initiatives. These practices are inefficient, error prone, costly, and present greater risk to the organisation.
All organisations follow some type of regulation. Many need to comply with PCI-DSS, but often that is combined with other regulations such as HIPAA. Even if an organisation is not required by law to comply with any regulations, there may be a need to follow an internal risk framework, internal policies & procedures, or an industry best practices framework such as NIST* or CIS**. Managing compliance for one regulation or framework is time consuming. Having multiple regulations becomes impractical to manage without automation. Additionally, managing policy distribution and tracking attestation can be a challenging and time-consuming process.
KCM’s risk management workflow is simple: identify the risk, respond to the risk and monitor the risk. The KCM risk workflow is based on the well-recognised NIST 800-30 and integrates with the compliance features by allowing compliance or audit gaps to be escalated to the risk register. It identifies, assesses and monitors risk as well as gaps within organisations’ security programs.