Security Management & Governance
SandaS, Your Security Management Solution Now With GRC Capabilities: Governance, Risk and Compliance
SandaS GRC helps organizations support their business strategy, improve their operational performance, reduce operational risks and ensure regulatory compliance. SandaS GRC is the perfect complement to create an effective program for the governance, risk management and compliance of your organization's information security.
SandaS GRC is:
- Corporate Governance: provides information that helps you with the decision-making to ensure that information security is aligned with your organization’s aims and targets.
- Risk Management: allows security risk identification, evaluation, analysis and treatment at a technical and compliance level, minimizing their impact on your business.
- Regulatory Compliance: helps to implement international best practices for management systems and to comply with legal and contractual requirements, so that you can develop your business with the highest guarantees.
- Complete and unified view of the risk, managing the key risks and compliance problems throughout the company, and their business impact.
- Efficient management of the complexity associated with compliance with multiple regulations, rules and policies.
- It allows you to allocate resources strategically and to ensure the appropriate controls for an integral security plan.
- It helps to develop and prove compliance with legislation (DPL “Data Protection Law”, ENS “Esquema Nacional de Seguridad”, critical infrastructures…), international standards (ISO 27001, ISO 27002, ISO 22301, PCI DSS…) and corporate policies in an efficient and centralized way.
- It assesses the security of IoT deployments according to the GSMA IoT Security Guidelines & Assessment.
SandaS GRC can be acquired as an independent product or as a Security Management service within Telefónica. Contact us for further information and request a personalized demo of the product.
- Risk identification and management based on ISO 31000, with full support for frameworks such as ISO 27005, NIST SP 800-30 or COBIT 5 for Risk.
- Specific module for MAGERIT with support for the National Security Framework (ENS, “Esquema Nacional de Seguridad”) and legislation on Critical Infrastructures, based on the Logical IT Procedure for Risk Analysis (PILAR, “Procedimiento Informático Lógico para el Análisis de Riesgos”).
- Using a drag-and-drop mechanism you can model the organizational assets and their interdependencies according to the reference standards TOGAF 9.1 and ArchiMate. You will be able to model the business, application and technology layers.
- Dashboards with indicators, the first international implementation of the information security measurement standard ISO 27004:2009.