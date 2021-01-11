In recent years, there has been a lot of movement on the topic of GRC (governance, risk management and compliance). Not only digitization of society has rapidly increased. Rather, both the number and complexity of the corresponding legal requirements have risen sharply. In addition, transparent compliance has become an essential differentiation criterion in competition, especially for private companies.

These market needs are mostly diametrically opposed by the technical and organizational status quo in SMEs and large companies: Excel-based inventories and audits, uncontrolled changes or deletions of documentations, data silos due to disconnected systems, and compartmentalized legacy systems within a company, to name just a few examples. And all this with a simultaneous trend toward digitization under increasing cost pressure.

Numerous current compliance solutions do not meet the market requirements mentioned above. They replace existing manual processes with new systems that are not seamlessly integrated into existing system landscapes but only complement them. For different compliance topics, such as data protection or information security management, it is not uncommon that several systems are purchased which do not communicate with each other and cannot be supplemented as needed. This leads to redundancies and contradictions between overlapping and logically connected topics. In addition, it is usually not possible to prove that the verifiable documentation is free of manipulation, which makes testing and proof of regulatory requirements virtually impossible.