Blackthorn GRC

Do you have the same problem as many organisations? Are you using spreadsheets as make-do mini applications, or mini database apps written years ago by a techie user and not updated or hardly supported? Given that these tools are usually not fit for purpose, it is hardly surprising that it is virtually impossible for your organisation to harmonise working practice, cut costs, comply with regulations and provide consistent data for management reporting and understanding of operational risk.

You need Blackthorn GRC!

With true collaborative working across teams and data collection and processing from and to a common source, Blackthorn GRC is a simple to use web-application that can be used across an enterprise to manage a range of business sensitive activities.

The term GRC has been coined by industry analysts to describe a group of systems that enable organizations to integrate the business activities required for effective governance, risk and compliance. Blackthorn uses a truly intelligent design in the following ways;

• Allowing each GRC business activity to be defined separately and to benefit from unique terminology, record keeping and repeatable workflow.
• Recognizing that many enterprise business activities do not need high degrees of confidentiality, integrity, availability and accountability and so not attempting to be a solution for them.
• Simple and clear methods of sharing terms, workflow and data across activities.
• Being highly adaptable through support of common GRC concepts at the correct level and by not forcing users into using a platform-specific protocol.
• Providing a fully traceable and understandable route of data collection, processing/management and reporting from the activity 'coal-face' to the production of risk figures. For instance, risk metrics can be tracked easily from a high level corporate value all the way to measurement of a specific item within the business.

Blackthorn is not a panacea for all business activities, but its careful design and approach to enabling the activities required for implementing effective GRC mean that it can truly improve your organizations ability to manage operational risk across the entire enterprise.

The Blackthorn GRC journey – 7 virtuous steps to success;

1. Start with one or a few pilot activities within just one business area, e.g. IT/Info Security, Compliance or Facilities Management. Add in further activities and business areas as part of a virtuous cycle.
2. Easily define each activity and the roles of those staff responsible for managing them.
3. Create workflow (where relevant) for each activity.
4. Build risk models based on critical business assets and/or people optionally using the supplied or custom templates.
5. Begin to manage each proactive and reactive activity as part of normal business. Many activities designed to assess and improve the compliance regime.
6. With a new and rich body of data, customize existing dashboards and reports or create new ones to deliver key data across the enterprise.
7. Show how proactive and reactive activities provide vital data to a real-time risk understanding and improvement process thus proving effective governance. Go to 1.

Support for Industry Standards

Literally any activity can be effectively managed in Blackthorn GRC! Enterprise customers have a wealth of templates that can be applied optionally from QCC's online library. These templates, designed by various subject matter experts, enable users to manage all the activities supported in our standard range as well as further activities such as ITIL, SOX and HIPPA.

Customisation for activities in which standards either do not exist or are not preferred is simple and rapid, enabling you to easily mould the Blackthorn GRC system to fit your business activities like a glove and enhance them like never before.