TrustCloud releases TrustRegister to help gauge business impact of risks

Trust assurance platform TrustCloud has announced the release of the TrustRegister application to help software companies identify risks and understand risk-related revenue/business impact. TrustRegister is the newest addition to the TrustCloud platform and is built to automatically assign, notify, and prioritize tasks and remediation plans to help businesses elevate governance, risk management, and compliance (GRC) processes in line with frameworks such as SOC 2 and ISO 27001, the vendor said. The release comes as organizations and GRC teams face significant challenges amid the ongoing advancement of technology, changing regulations, and the increased interconnection of enterprises.

TrustRegister aims to alleviate error prone, disconnected GRC processes

Programmatic risk assessments highlight liabilities and gaps that require investment to mitigate or resolve. However, such information is often maintained in a spreadsheet-based risk register, which is error-prone and disconnected from other business systems. What’s more, showcasing the potential revenue impact of risks to stakeholders can be a tricky, manual task. TrustRegister identifies risks before they pose a threat to a business with automated workflows that streamline collaboration across dispersed teams, the firm said. It also ties contracts and customers to risks, giving companies and risk owners the information and associated dashboards need showcase how risks will affect the bottom line, TrustCloud added.

Examples of what TrustRegister can do cited by TrustCloud founder Sravish Sridhar include:

• Summarize controls from compliance programs that are at risk of failing, along with the specific risks they are tied to. From this dashboard users can contact the control owner to start the remediation process.
• Summarize employee participation in GRC programs, as well as details of employees that have outstanding tasks to complete to uphold compliance standards.
• Provide liability protection that quantifies the value of contracts with GRC commitments, and how much liability is created by non-compliance. By calculating the ROI of their GRC program, TrustCloud customers can prove the value of GRC to leadership, and advocate for more budget when needed.

“It is critical for us to understand our risks in real-time,” said Sean McElroy, CSO at Lumin Digital, in TrustCloud’s press release. “Spreadsheets and written reports are almost immediately out of date. With TrustRegister, we have continuous assessments of how our controls are performing and added assurance that we can address risks before they impact our business.”

GRC business alignment is key to protecting, growing organizations

CISOs and GRC professionals must be quipped to make data-driven decisions to protect and grow their businesses, building business cases for GRC programs based on the revenue and liability impact of security and privacy risks, said Sravish Sridhar, founder and CEO, TrustCloud.

Integrating GRC into the wider business strategy is a significant challenge for GRC professionals, Tamim Ahmed, GRC specialist, wrote in a blog post. “GRC must be integrated into daily operations and be in line with an organization’s objectives. To achieve this, strong GRC culture and the capacity for cross-team collaboration are necessary.” For senior management and the board of directors to comprehend and manage the organization’s GRC risks and compliance status, good communication and reporting are also essential, he added.