Compliance

Grexx has been annually audited for its compliance with AICPA's SOC 2 (since 2015) and certified for ISO/IEC 27001 and NL-NEN 7510 (since 2017).


A compliance program you can count on

The bar is high. With 20+ years of experience in developing complex customizations for customers in all kinds of industries, we have extensive experience with the full range of compliance and security requirements. We have worked with healthcare and financial institutions, with SMEs and multinationals, and with listed companies and ambitious startups, among others.

Based on this experience, we have developed a compliance program that continuously improves the operational quality of our low-code platform. The confidentiality, integrity, and availability of our platform are reviewed annually by external auditors. Grexx holds a SOC 2 ISAE 3000 Type II Assurance Report and is GDPR compliant. In addition, since 2017, we have been continuously certified for ISO 27001 and NL-NEN 7510:

  • ISO 27001 is the international standard for information security and data protection. This management system gives our users the assurance that Grexx has information security in order and complies with all relevant laws and regulations.
  • NEN 7510 is the Dutch standard for information security in healthcare. This way, healthcare institutions can trust that Grexx meets all requirements for access to, processing, and storing medical data.

How Grexx is managing its own continuous compliance

We manage our compliance using our own management environment, GRC-Boxx: our tool for Governance, Risk Management and Compliance. Built on the Grexx Platform, of course.

GRC-Boxx helps you optimize processes at your own pace and in your own way. It treats governance, risk management, compliance and audits as a process that you are constantly working on. This is an important mindset: you don't do it once or only before the audit; you do it continuously, in line with your business goals.

That said, audits are of course an important part of the process. A number of features come in handy here:

  • In GRC-Boxx, we link the requirements of compliance frameworks to controls, and controls to evidence in the form of documents and registrations. If any of these requires attention, the impact on all of its relationships becomes immediately visible.
  • GRC-Boxx supports a PDCA (Plan-Do-Check-Act) cycle for continuous improvement, as well as a simpler periodic review cycle for both controls and evidence.
  • GRC-Boxx supports both internal and external audits: findings, recommendations, and assessments are registered. In the event of non-compliance, you can initiate and monitor corrective actions until completion, after which a re-audit can take place.

These functionalities help us and other customers of GRC-Boxx to remain continuously compliant and to handle any non-conformities in the right way. Curious how GRC-Boxx would do that for your organization? Just get in touch for a demo; one of our colleagues will be happy to tell you more about it.

Curious about all the options?