Compliance
Grexx has been continuously certified for ISO 27001 and NEN 7510 since 2017, and we'd love to tell you more about our compliance program.
Read more
A compliance program you can count on
The bar is high. With 20+ years of experience in developing often complex customization for customers in all branches of sports, we have quite a bit of experience with all possible requirements in compliance and security. Previously, we worked with healthcare and financial institutions, for SMEs and multinationals, for listed parties and ambitious startups, among others.
Based on this experience, we have developed a compliance program that continuously improves the operational quality of our low code platform. The availability, integrity and confidentiality of our platform are reviewed annually by external auditors. Grexx has a SOC2 ISAE 3402 Type II Assurance Report and is GDPR compliant. In addition, since 2017, we have been continuously certified for ISO 27001 and AND 7510:
- ISO 27001 is the international standard for information security and data protection. This management system gives our users the assurance that Grexx has information security in order and complies with all relevant laws and regulations.
- NO 7510 is the Dutch standard for information security in healthcare. For example, healthcare institutions can trust that Grexx meets all requirements for access to, processing and storing medical data.
How Grexx is continuously compliant
We manage our compliance using our own management environment, GRC boxx: our tool for Governance, Risk Management and Compliance. Built on the Grexx Platform, of course.
GRC-Boxx helps you optimize processes at your own pace and in your own way. It sees governance, risk management, compliance and audits as a process that you are constantly working on. This is an important mindset: you don't do it before the audit or once, you do it continuously, in line with your business goals.
However, the audits are, of course, an important part of the process. A number of features that come in handy:
- In GRC-Boxx, we link the requirements of standards frameworks with control measures and the associated supporting documents and registrations.
- GRC-Boxx supports a PDCA (Plan-Do-Check-Act) cycle for continuous improvement, but also an easier periodic review cycle.
- GRC-Boxx supports both internal and external audits: findings, recommendations, and assessments are registered. In the event of non-compliance, you can initiate and monitor corrective actions until completion, after which you can re-audit.
These types of functionalities help us and other users of GRC-Boxx to be continuously compliant and to handle any irregularities in the right way. Are you curious how GRC-Boxx would do that for your organization? Just get in touch for a demo, one of our colleagues will be happy to tell you more about it.