Integrated Risk Management (IRM)

Through continuous monitoring, prioritization, and automation you can respond to business risks in real time. Automate inefficient processes across your extended enterprise by combining security, IT and risk capabilities into one integrated program.



  • Risk Management

    Effectively detect and assess the likelihood and potential business impact of an event based on data aggregated across your extended enterprise, and respond to critical changes in your risk posture.

  • Policy and Compliance

    Automate best-practice lifecycles, unify compliance processes, and provide assurances around their effectiveness.

  • Audit Management

    Scope and prioritize audit engagements using risk data and profile information to eliminate recurring audit findings, enhance audit assurance, and optimize resources around internal audits.

  • Vendor Risk Management

    Institute a standardized and transparent process for managing the lifecycle of risk assessments, due diligence, and risk response with business partners and vendors.

GDPR Accelerator

  • ServiceNow®

    Integrates seamlessly with ServiceNow® Policy & Compliance, CMDB and Security Operations.

  • Portal

    A ServiceNow portal providing user engagement to support Subject Access Requests as well as act as an entrance point for employees engaged in assessments and impact assessment screening.

  • Subject Access Request fulfilment (SAR) moduleNice Prices And Gifts

    Comprising of a front-end exposed via the above-mentioned portal the SAR module provides a generic accelerator for the requirement to allow and respond to Subject Access Requests.

  • Ability to document information layers

    The classification of the CMDB (Asset) data to identify Configuration Items (CI's) that process or store PII data.

  • Data Protection Impact Assessment (DPIA) module

    Provides ability to perform a DPIA screening questionnaire for new projects or existing assets. Key components of the module include: Capability for 3rd Party vendor assessment, configurable risk calculation engine and dynamic workflows.

  • Record of processing activities module

    Article 30 of the GDPR requires the documentation of processing activities under its responsibility. This module provides the necessary structure and relationships to allow for this record.

  • Data Breach Incidents module

    Provides the core functionality required to show compliance to article 33.

  • Administration module

    Administrative configuration elements and data properties influence data presented to the user in the core modules SAR, DPIA, Record of Processing Activities, and Data Breach Incidents.