
GRCPerfect

Enterprise Project Governance, Risk and Compliance Solution

High Level Feature Description Document

Version: 6.0

Adaptive Processes Consulting Private Limited

Experience World Class Processes!

ISO 9001:2008 Certified

#51, 3rd Cross, Church Street,

6th Block Annex, Koramangala

Bangalore – 560095

e-mail: [email protected]

www.AdaptiveProcesses.com

This document is the property of and proprietary to Adaptive Processes. Contents of this document should not be disclosed to any unauthorized person. This document may not, in whole or in part, be reduced, reproduced, stored in a retrieval system, translated, or transmitted in any form or by any means, electronic or mechanical.

GRCPerfect Feature Description Document

Adaptive and Partner Confidential Version 6.0 Page 2 of 26

Table of Contents

1 Introduction to GRCPerfect
2 Key features of GRCPerfect
3 GRCPerfect Functional Architecture
4 Sample Workflows in GRCPerfect
5 Model Mapping – CMMI and ISO 9001
6 Model Mapping – ISO 27001
7 List of Modules for Governance Management System
8 Modules for Quality Management
9 Modules for Information Security Management
10 Adaptive Management System
11 Employee Services Module
12 Detailed Features for Time Tracking System
13 Infrastructure Requirements (For Client Hosted Model)
14 About Adaptive Process Consulting

1 Introduction to GRCPerfect

GRCPerfect is an Enterprise Governance, Risk, and Compliance Management System. It is designed to help companies implement Governance, Quality, and Information Security Management Systems in an integrated manner. It is extremely user-friendly, simple, easy to maintain yet very effective. It has pre-built processes for CMMI 5, ISO 27001, ISO 20000 and ISO 9001. It is a complete data management system for CMMI, ISO 9001, and ISO 27001.

Key benefits of deploying GRCPerfect are

Minimum 50% effort reduction in deploying GRC frameworks in the organization

Unified tool to implement best practices from multiple-world class frameworks such as ISO (9001, 27001, 20000, 14000, 18000), CMMI, ITIL, Business

Senior Management and client visibility into Organizational, Account and Project level performance parameters

Improved data and metrics integrity, thus helping in better decision making

Significant help in ongoing process sustenance beyond audit and assessment

Complete automation of project management artifacts and reporting – significant savings on management effort

2 Key features of GRCPerfect

Complete Program and Project Planning and Tracking supporting CMMI, ISO 9001, ISO 27001 and Agile

Schedule, Defect, Effort, Risk, Issue, Change Requests, Quantitative Process Management, Sub-Process Metrics and other 40+ data capture needed by CMMI, ISO 9001 and ISO 27001

Supports workflow for approvals in Time Sheet, Requests

Supports flexible organizational hierarchy

Complete role-based permissions for data confidentiality and integrity

Multi level view – From Organization to Account to Project

Status and Metrics reports generated automatically from the system

Built on industry standard Microsoft SQL Server and .Net

Completely web-enabled and does not require any installation on user machines

Light-weight interface making it suitable to work on internet

Compliance management includes audit planning, tracking and reporting

Best practices drawn from internationally renowned organizations

Substantially reduced time and effort in model adoption and implementation

Enables complete context and role based view of policies and processes

Configurable to company’s requirements

Available to the Client as an Open-Code option which enables Client to obtain the source code of the product

3 GRCPerfect Functional Architecture

Project Governance Key Modules

IT Risk Key Modules

Compliance Management Key Modules

4 Sample Workflows in GRCPerfect

5 Model Mapping – CMMI and ISO 9001

Legend

Fully Supported

Partially supported

Not supported

Not a data requirement

| Model requirement | GRCPerfect module | Process compliance | Data compliance |
| --- | --- | --- | --- |
| Project planning | Schedule | | |
| Project monitoring and control | Executive dash board + reports | | |
| Configuration management | Not supported | | |
| Process and product quality assurance | Audit management | | |
| Measurement and analysis | Schedule, defect, risk + reports | | |
| Supplier management | Vendor master | | |
| Requirements management | Change request management | | |
| Requirements development | Product backlog | | |
| | Traceability matrix | | |
| Technical solution | Engineering output | | |
| Product integration | Engineering output | | |
| Verification | Review, test case management | | |
| Validation | Test case management | | |
| Decision analysis and resolution (DAR) | Pugh matrix (DAR) module | | |
| Integrated project mgmt | Minutes of meeting | | |
| | Action item tracking | | |
| Risk management | Risk | | |
| Organizational process definition | Process asset library | | |
| Organizational process focus | Not a data requirement | | |
| Organizational training | Training management | | |
| Organizational process performance | All data management modules | | |
| Quantitative project management | Sub-process metric | | |
| Causal analysis and resolution | Root cause analysis | | |
| Organizational innovation and deployment | Continual improvement request | | |
| | Project life cycles | | |

6 Model Mapping – ISO 27001

| Model requirement | GRCPerfect module | Process compliance | Data compliance |
| --- | --- | --- | --- |
| Establishing and managing the ISMS | No data requirement | | |
| Documentation requirements | No data requirement | | |
| Management commitment | Management review meeting | | |
| | Skill gap analysis | | |
| | Training management | | |
| Resource management | Capacity planning | | |
| Internal ISMS audits | Audit management | | |
| Management review of the ISMS | Management review | | |
| ISMS improvement | Continual improvement | | |
| Security policy | No data requirement | | |
| Security organizations | No data requirement | | |
| Asset classification and control | Asset master | | |
| Personnel security | Training compliance | | |
| Physical and environmental security | Visitor management | | |
| Communications and operations management | IT checklists | | |
| Access control | Access control matrix | | |
| Systems development and maintenance | Security review checklist | | |
| Security incident management | Incident tracker | | |
| Business continuity management | Business impact analysis | | |
| | Supplier contacts | | |
| | Employee contacts | | |
| Compliance | Audit management | | |

7 List of Modules for Governance Management System

| # | Module Name | Key Features |
| --- | --- | --- |
| 1 | Project Overview | Captures project characteristics, project stakeholders and objectives; Helps understand risks, issues and defects at organization level wrt project characteristics |
| 3 | Schedule Management | Define custom project life cycles; Allows auto-creation of Work Breakdown Structure; Schedule import from MS-Project; Integrated reviews checklist and creation of defects; Schedule allocation notification; Integrated test cases and creation of defects; Integration with Defects, Issues, Change Requests Module; Integrated with time sheet for effort capture |
| 3 | Scope Management | Supports Function Point, Use Case Point and Complexity based estimation; Supports approval mechanism; Module and Phase-wise distribution; Size variance analysis; Integration with Schedule (Planned) |
| 4 | Defect Management | Enables orthogonal classification of defects; Capture of defect history; Defect Allocation notification; Can be imported through Excel; Integration with schedule and time sheet; Supports orthogonal classifications |
| 5 | Risk Management | Captures Risk History with Mitigation and Contingency Plan; Computation of Risk Prioritization Number; Risk Allocation notification; Integration with schedule; Integration with Org. Risk Management Module |
| 6 | Issues/Action Items | Captures Issues / Action Item Details; Issue/Action Item Allocation notification; Integration with schedule |
| 7 | Change Management | Captures Change Requests Details; Integration with schedule |
| 8 | Time Sheet | Weekly Time Sheet; Integration with schedule for planned tasks; Provision to capture un-planned tasks; Time sheet approval; Ability to capture data from two different perspectives – Metrics and Billing |
| 9 | Skill Gap | Conduct skill-gap analysis for project team members |
| 10 | Minutes of Meeting | Captures meeting agenda, decisions taken; Integration with Action Item Tracking |
| 11 | CM Plan | Define Configuration Items; Define Folder Access, Baselines, CCB |
| 12 | SLA Management | Define Service Level Agreements; Track Service Level Performance |
| 13 | Quantitative Process Management | Define Project Metrics; Milestone-wise metrics data capture |
| 14 | Sub-Process Metrics | Set Statistical Process Control Limits; Verify if measures fall within control limits |
| 15 | Decision Analysis and Resolution | Creation of multiple decision analysis templates; Decision making using Pugh Matrix |
| 16 | Management Dashboards | Define various score-cards; Can be viewed from Organization level |
| | Bid Management | Evaluate proposals; Track proposal status |
| 17 | Reports | More than 50 standard reports; Dashboards for Schedule, Risk, Defects and Issues; Defect Trend; Risk Trend; Weekly and Monthly Status Reports; Audit Findings Summary etc. |

8 Modules for Quality Management

| # | Module Name | Key Features |
| --- | --- | --- |
| 1 | Employee Data Management | Employee Education, Skill, Competency mapping; Skill gap analysis based on organizational roles and skill matrix |
| 2 | Audit Management | Audits Planning and Tracking of Internal Auditors; Audit Reporting and Tracking; Non-conformity analysis wrt internal policies and processes and also the standards |
| 3 | Training Management | Training Plan, Training Attendance and Feedback capturing |
| 4 | Management Review Meetings | Auto-generation of Management Review Agenda as per ISO 9001 and ISO 27001; Action Item Tracking |
| 5 | Vendor Management | Vendor Master including Vendor Evaluation |
| 6 | Appraisal | Employee Appraisal Management |
| 7 | Root Cause Analysis | Capture Root Cause Analysis |
| 8 | Org. Process Repository | Captures qualitative data on organizational process performance |
| 9 | Continual Improvement Request | Capture Process Change Requests |
| 10 | ISMS Quiz Management | Plan and track results of ISMS Trainings |
| 11 | CSAT Survey | Plan and capture data for Customer Surveys |
| 12 | PIID | Pre-built Process Implementation Indicator Database for CMMI Assessment |

9 Modules for Information Security Management

| # | Module Name | Key Features |
| --- | --- | --- |
| 1 | Asset Management | Asset Master including Allocation, Movement and Component tracking; Asset Service Records |
| 2 | Risk Management | Threat and Vulnerability analysis; Automated Risk Analysis and Treatment Plan |
| 3 | Impact Analysis | Business Impact Analysis |
| 4 | Statement of Applicability | Definition of controls as per ISO 27001 |
| 5 | Access Control Matrix | Defining various permissions for information assets |
| 6 | Capacity Planner | Define Capacity Requirements and Availability |
| 7 | Incident Management | Incident Tracking; Allocation of Incidents |
| 8 | Material Movement | Material Movement Tracker |
| 9 | Visitor Management | Visitor Tracker |
| 10 | Critical Contacts | Critical Contact Management |
| 11 | Audit Management | Audit Planning and Audit Reporting |
| 12 | Management Review Meetings | Auto-generation of Management Review Agenda as per ISO 27001; Action Item Tracking |
| 13 | Training Management | Plan and tracking of QMS / ISMS Trainings |
| 14 | QMS / ISMS Quiz Management | Plan and track results of QMS / ISMS Trainings |
| 15 | Root Cause Analysis | Capture Root Cause Analysis |

10 Adaptive Management System

| # | Module Name | Key Features |
| --- | --- | --- |
| 1 | Software life-cycles | 8 comprehensive software life-cycles – Agile, Waterfall, Maintenance, Support, Reengineering, Porting, Package Implementation and Testing |
| 2 | Processes | 50+ comprehensive processes and procedures for Delivery, HR, IT and other functions |
| 3 | Process Artifacts | 500+ standardized process artifacts for CMMI, ISO 27001 and ISO 9001 |
| 4 | eLearning | Contains eLearning on CMMI, ISO 27001, ISO 9001, Internal Audit, Configuration Management and Agile |
| 5 | Model Support | Complete support to CMMI, ISO 27001, and ISO 9001. Will be upgraded soon for ISO 20000 and COBIT. |

11 Employee Services Module

| # | Module Name | Key Features |
| --- | --- | --- |
| 1 | Employee Directory | Can see company employee information |
| 2 | Leave | Apply leave |
| 3 | Request Tracking | Request for any service |
| 4 | Improvement Request | Suggest improvements |
| 5 | Incident Tracking | Report incidents |
| 6 | Attendance | Attendance system integration |

12 Detailed Features for Time Tracking System

| # | Module Name | Key Features |
| --- | --- | --- |
| 1 | Seamless integration schedule module | Tasks planned for an employee are reflected in time sheet; Actual effort, Effort required to complete (ETC) and % task completion entered in Time Sheet are reflected back in schedule. Benefits: Project manager gets to see effort planned against effort consumed and effort needed to complete the task and can re-plan accordingly |
| 2 | Multiple attributes captured for effort analysis | Effort captured against Activity Code, Sub-Activity codes and Billable codes; Activity codes restricted by person’s primary function (Delivery, HR and IT etc.); Sub-activity codes restricted by activity code. Benefits: Project manager gets to see effort planned against effort consumed and effort needed to complete the task and can re-plan accordingly. |
| 3 | Email integration | Submission of time sheets triggers email to manager for approval; Approval and rejection emails provided to employee |
| 4 | Built in flexibilities | In case an employee is allocated to multiple projects, they can provide all projects efforts in a single screen; Effort can be captured against project / account / business unit / organization or project only; Approval for Time sheets can be based on billability of the employee – Project Manager for Project members and Function Heads for Support functions |
| 5 | Provision to capture un-planned tasks | Allows capture of unplanned tasks |
| 6 | Multiple approval mechanism | Time sheet can be submitted to Project Manager / Function Manager |
| 7 | Integration with leave system | If an employee has approved leaves, it automatically appears in |
| 8 | Multiple effort capture for metrics and billing | GRCPerfect allows capture of time sheet effort both from metrics angle and billing angle. |
| 9 | Built in validations | Employee cannot enter time for future period; Effort captured per day is maximum 24 hours |
| 10 | Integration with attendance system | Integration with attendance system is planned |
| 10 | Integration with Executive Dashboard | Time sheet effort captured is used for executive dashboard reporting |
| 11 | Reports | Effort capture summary; Effort as per billing codes; Effort as per activity and sub-activity code |

13 Infrastructure Requirements (For Client Hosted Model)

Hardware

Application and Database Server Machine (1 No Required)

Pentium CPU 3.0 GHz

4 GB RAM and 200 GB Disk space

Software

For operating system Windows 2000 / 2003 professional use service pack 2 (SP2).

SQL Server 2008

.Net Framework 4.0 (Freely available on Internet)

Browser

Internet Explorer 8.0+

14 GRCPerfect Support Mechanism

Any defect arising out of Adaptive Product design and development will be serviced free of cost by Adaptive over the life of the product. Following aspects will be considered as Defects

1. Application not being usable due to design / coding deficiencies

2. Any wrong calculation logic or report

3. Validations which are considered industry accepted practice

Rest will be considered as Change Requests. Defects / Change Requests should be submitted by email to [email protected]. Defects and Change Requests will be classified as per the definitions provided below.

15 Definition of Defect Severities and SLA for resolution (in Working Days)

| Severity | Definition | SLA for Response | SLA for Resolution |
| --- | --- | --- | --- |
| 1 | Disastrous – system cannot be used without corrective action being taken | 4 Hours | 1 Day |
| 2 | Major – system can be used with major functional restrictions | 1 Day | 1 week |
| 3 | Minor – system can be used with minor functional restrictions | 2 Days | Quarterly Release |
| 4 | Cosmetic – system can be used with full functionality | 2 Days | Quarterly Release |

16 Change Request Implementation

| Priority | Definition | Estimated Effort (Person-Hour) (PH) | SLA for Implementation |
| --- | --- | --- | --- |
| 1 | Has legal or revenue implications | < 16 | 1 Week |
| | | 16 to 40 | 2 Weeks |
| | | 40 to 160 | 4 Weeks |
| | | > 160 | Case by case basis |
| 2 | Has implications for organizational audit/assessment/Senior Management reporting | < 16 | 2 Weeks |
| | | 16 to 40 | 4 Weeks |
| | | 40 to 160 | 6 Weeks |
| | | > 160 | Case by case basis |
| 3 | All others | < 16 | 2 Weeks |
| | | 16 to 40 | 6 Weeks |
| | | 40 to 160 | 8 Weeks |
| | | > 160 | Case by case basis |

17 About Adaptive Process Consulting

Adaptive Processes is formed with a view to help organizations establish and improve Quality and Security processes in a faster, better and simpler way.

We developed the world’s first database-driven Quality and Information Security Management System, for which a patent has been filed. We are certified for the prestigious international standard ISO 9001:2008 by DNV.

Our core team is formed by alumni from Indian Institutes of Management (IIMs). The Adaptive founding team includes people with extensive knowledge in the Process consulting industry with strong Software delivery and consulting experience.

We are an Endorsed Education Provider (EEP) for International Institute of Business Analysis (IIBA), Canada. We have multiple Lead Auditors for ISO 9001, ISO 27001, ISO 20000, BS 25999 and Certified Scrum Masters on board. We have more than 100+ person-years of experience with Quality and Project Management.

We are young and agile. More than 80% of our Clients have implemented multiple projects with us.

Proven Capabilities – Adaptive has successfully completed over 20 ISO and CMM projects with cumulative experience of more than 100 person-years. Adaptive has encapsulated all of its learning and Best Practices into its proprietary, tried and tested methodologies.

GRCPerfect – Proven product for CMMI Level 3, ISO 9001 and 27001. GRCPerfect is a completely web-based, role permission based system to manage CMMI Level 3 and ISO 27001 activities.

Cost Savings - 50%+ cost reduction over traditional methods of process definition and implementation

Effort Savings - More than 50% effort saving from Client side due to automation of processes and metrics

Time Savings – Minimum 3 months effort savings due to proven toolkits

eLearnings - eLearning products in CMMI, ISO 9001, ISO 27001 and Internal Audit for continuous learning

Ongoing Support - Process Sustenance including complete Quality Process Outsourcing beyond certification

A single vendor solution for multiple frameworks – The complexity of integrating multiple implementation vendors in any project presents numerous and added challenges and risks. With Adaptive, clients can rest assured that an end-to-end GRC solution will always be provided under a single umbrella.

Accreditations – Adaptive Processes has been certified against ISO 9001:2008, the international certification for quality of its products and services.

18 Adaptive Service Portfolio

19 Our Esteemed Clients

20 Our Success Stories

CMMI

Ascendum Systems (Implementing CMMI L3)

Infinite Computers (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 5 implementation)

Turning Point (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 3 implementation)

AXA Group Solutions (CMMI implementation Support)

Manhattan Associates (CMMI Training)

OTIS Software (CMMI Training and Gap Analysis)

ISO 27001:2005

AccelFrontline (Implementing ISO 27001 and ISO 20001)

Zenith Software - Completed ISO 27001 certification

JuriMatrix (Clutch group) – Completed ISO 27001 certification

People Tech Group – Completed ISO 27001 certification

Proteans – Implementing ISO 27001 and BS 25999

Crossdomain - Implementing ISO 27001

Photon Infotech – ISMS system definition

Metlife – ISO 27001 Pre-certification Audit

Tusker Legal Process Outsourcing - ISMS definition as per ISO 27001

Ness Technologies – ISO 27001 Internal Audit Training and Co-ordination

Management Systems Outsourcing

Bharti-AXA General Insurance

EmPower Research

V2Soft

Ness Technologies

MACH Teledata

ISO 9001:2008

Clutch Group, Leading LPO player in the world

Empower Research, leading KPO organization in India (Completed ISO 9001 implementation)

Ness Technologies India, part of Largest Israeli IT company (ISO 9001 and CMMI implementation)

Vati Consulting, Premier Recruitment Process Outsourcing and HR Consulting Firm (ISO 9001 implementation)

Vana Solutions, High-tech solutions provider (ISO 9001 and CMMI implementation)

INSZoom, World’s Leading Immigration Management Software Products organization

Bang (SQA Support)

ObjectWin (SQA Support)

ITIL

MACH Teledata

OnMobile, leading Mobile Value Added Service Provider

Six-Sigma

Multinational Automated Clearing House (MACH), World Leader in roaming solutions

Internal Audit Services

Metlife Insurance

Textron

Training

Manhattan Associates, World Leader in Supply Chain Management (CMMI Training)

Mafoi Consulting

Triumph Software Services

QMS Reengineering

Ness Technologies

Infinite Computers

21 Sample Client Testimonials

I find it very easy to do business with you. Thank you for the contribution to our system. We have a great and open working relationship. We really respect your contributions in helping our organization. - Puneet Chaddha, Head-Delivery, Ness Technologies

Adaptive has been prompt and fast in responding to our requirement, I am extremely happy with their people competence, and range of service provided. Adaptive would be my obvious choice for any of our process need. I would recommend this team to my circle. – SK Mishra, Head-Quality, Infinite Computer Solutions

I would like to thank you (LN) and your team on behalf of ZSL management team for helping us in getting the successful ISMS assessment audit by DNV. I am confident that your APMS tool will help us in minimizing our effort in managing Information Security. We thoroughly enjoyed working with you and look forward to work together for our future endeavors. - R Natarajan, Chief Operating Officer, Zenith Software Ltd

Adaptive responded to all our requirements immediately. Their service was very good and satisfying. I appreciate Adaptive resource commitment and hard work. He was very helpful and always ready to go extra mile to help us out. – Ruhi Sharma, QA-Director, Arctern Consulting Pvt Ltd

22 Awards and Achievements

ISO 9001:2008 Certified from DNV on the first year of operation

Winner of Most Innovative Company Award from Pan IIT-IIM Alumni Forum

Certified Microsoft BizSpark Partner

Nominated for prestigious Tata NEN Hottest Start-up