The WCK GRC software platform includes multiple applications which can be mixed and matched to suit your organization’s needs.
Implementation is completely modular. Companies can choose to start with just one or two WCK GRC software applications, and then add more modules as their needs grow, or they can start out from day one with a complete offering.
WCK IT and cyber risk management application automates the entire risk management life-cycle, including:
WCK Vendor Risk Management Module enables organizations to efficiently analyze and enforce the risk level of third-party suppliers, as well as to benchmark the compliance and risk posture between their multiple vendors.
The WCK Compliance Application focuses on control-based risk management for complying with regulations, standards and internal policies. Supporting new standards and regulations is simple, and control-sets are easily imported via Excel or XML in a matter of minutes to hours.
Built-in, ready to use standards and control-sets include:
Global Risk application supports a top-down risk management approach based on standard operational risk methodology (COSO ERM). You can analyze your risk posture in terms of families of risk, and compare inherent risk with residual risk based on controls in place. This flexible application module, working together with the Cyber Risk Module allows organizations to easily map technical IT and cyber risk to the operational risk tiers used in the ERM departments.
WCK Threat Intelligence application can display your current security resilience posture based on the most up-to-date threat intelligence. Threat data can be integrated from diverse public and private sources, feeds and reports and mapped to the organization’s controls and policies. The application provides actionable intelligence, dashboards and reports which indicate the mitigation actions that can minimize exposure to the most likely threats.
The Business Continuity Management application helps organizations create and run efficient business continuity plans, in alignment with BS25999 and other BC frameworks.. The application allows you to design and update a Business Continuity Plan and run test scenarios based on your Recovery Time Objective (RTO) and MTD (Maximum Tolerable Downtime) for your processes and assets.
WCK Secure Development Lifecycle manages and enforces organizational security policy for products being developed. It supports multiple versions, as well as all the stages of a product lifecycle, such as design, development and testing.
Finding security vulnerabilities as early as possible results in a tremendous reduction in the cost and effort of mitigation security once a product is in production.
Unique Text Policy Mapping simplifies compliance to multiple policy documents. Compliance Officers can easily highlight sections of textual documents, and map them to controls, eliminating the costs of overlapping compliance requirements. The compliance status of each section in the document is color coded automatically based on the control status.
WCK offers an open platform with a wide variety of preexisting adapters and APIs to external systems.
The adaptors use standard XML and Web Service protocols and are available for standard and proprietary network scanners, code scanners, external ERM and GRC systems, task management software and CMDB and BPM repositories. APIs are available for findings, mitigations, threats and reviews.
WCK GRC Software applications cover the complete spectrum of governance, risk and compliance for large enterprises, as well as for small and medium sized organizations who deal with regulatory requirements.