CompLions-GRC customers on the advantages of working with the GRC tooling
Certifications have a reputation for being labour-intensive and time-consuming. The GRC tooling of CompLions-GRC proves that things can be done differently. Two customers, Odin Groep and Cyso, share their experiences with this Dutch service.
Under the flag of the Odin Group, several companies are involved. Previder's data centres are among the best-known activities. CFO Carmelo Messina answered the following questions.
Why is Odin Group certified?
For us it is a "license to operate". We are ISO9001, ISO14001 and ISO27001 certified, because this is very often requested. We also have other specialist certifications such as DigiD, NEN7510 and a SOC2 report, which are prerequisites for being able to serve specific customer groups.
Was Odin Groep already certified before CompLions-GRC came into the picture?
Yes, but that method no longer met our requirements. It was too labour-intensive and partly because of that the involvement in the organization was in our view insufficient.
What has changed as a result of switching to CompLions-GRC?
Quite a lot. To start with, we have definitively left the Excel sheet phase behind us. In addition, partly due to the simple operation and the insight provided by the CompLions-GRC tooling, the involvement throughout the Odin Group has increased. More awareness, more focus on permanent improvement and that leads to more efficiency. That is a positive change. When I say more involvement, I mean that attention to certifications is no longer the job of the quality auditor, the Security Officer and the CFO. Everyone, all departments and the entire management now understand more easily what it means in concrete terms and what the advantages are. For the external auditor, in our case BSI, things have also changed. They receive the data in a more structured way, which saves them time.
Does it save you time?
Absolutely, we can now, for example, roll over certain matters, so that a year later the same activities can be carried out much more quickly. It is also important that the GRC tooling identifies and deduplicates overlap in the normsetting. In this way, a considerable amount of time can be saved.
What can Odin Groep do now, which used to be unfeasible?
Partly on the basis of the GRC tooling and in accordance with ISO14001, we now have an annual sustainability report. From the tooling comes data with which the quality manager can draw up the report more efficiently. We have two versions of this. A detailed version for internal use and a more compact, easy to read online version for customers and interested parties.
What are the ambitions of Odin Groep and how does CompLions-GRC help?
Our ambition is to remain one of the top Dutch IT companies and to enter into long-term and strategic relationships with our customer groups. We want to remain relevant in the long term in a rapidly changing market. This is often the case for customers who also demand certification because they have to go for the highest quality. In order to be able to demonstrate this, we need the GRC tooling. Even in cases where the audits are purely customised, which is mandatory for some customers, the GRC tooling remains an important basis.
We expect to be among the first in the Netherlands to achieve AVG certification soon. To this end, we will once again use the GRC tooling, which will be expanded for this purpose.