
GRASP – Feature Overview

This section provides a compact overview of the key features of the GRASP platform, organized by area.


Organization

  • Management of people, teams, and roles
  • Assignment of roles to people
  • Use of people/roles as:
      • owners and approvers for measures
      • document owners
      • risk owners
      • audit roles

Because every object has a consistently assigned responsible person, notifications (e.g. for upcoming deadlines) can be delivered to exactly the people who need to act on them.


Asset Inventory

  • Management of assets:
      • Hardware
      • Software / Applications
      • Infrastructure
      • Service providers
      • Data
  • Management of business processes
  • Maintenance of dependencies:
      • Processes ↔ Assets
      • Assets among each other (e.g. input/output assets)

This inventory data forms the foundation for:

  • Protection requirements assessments (SBF, Schutzbedarfsfeststellung)
  • Risk analyses
  • Business Impact Analysis (BIA) in BCM
  • Audit and checkpoint selection

Documents, Policies & Guidelines

  • Storage of policies, guidelines, NDAs, manuals, work instructions, etc.
  • Recording of:
      • responsible persons
      • status and version
      • last and next review dates
  • File upload (e.g. PDF) or linking to external sources (e.g. SharePoint)
  • Optional editing of simple content directly in the tool

Review dates and the associated notifications actively support the PDCA cycle (plan, do, check, act) for documents: a document that passes its next review date is flagged to its owner rather than silently going stale.


Measures, Findings & Tasks

  • Measures:
      • central management of all measures with owners, approvers, deadlines, and priorities
      • cross-module usage (e.g. a measure can address both ISMS and BCM risks)
  • Findings:
      • findings from audits, risk analyses, exercises, etc.
      • linking to measures
  • Task area (optional):
      • additional task layer for measures
      • calendar and Kanban views for operational management

Risk Management (shared)

A unified risk management framework for:

  • ISMS ISO 27001
  • IT-Grundschutz
  • BCM
  • NIS 2

Feature scope:

  • Configuration of risks per asset category (data, service providers, hardware, infrastructure, personnel, processes, software)
  • Risk analysis:
      • assessment of likelihood and impact
      • calculation of initial risk and acceptance level
      • selection of treatment option (avoid, reduce, transfer, accept)
  • Treatment plan:
      • assignment and reuse of measures
  • Residual risk:
      • assessment after implementation/planning of measures
  • Risk matrix & overviews:
      • graphical representation
      • tabular reports
      • history/archive

Audit Management (shared)

Audit functions that can be used across multiple modules:

  • Audit calendar:
      • planning of internal audits and recertification audits
  • Audit information:
      • scope, time period, approving person, objectives, extent
  • Checkpoints:
      • linking to audit subjects (processes, assets, documents)
  • Execution / Approval / Evaluation:
      • assessment of checkpoints
      • documentation of findings
      • derivation and linking of measures

Module-Specific Features

ISMS ISO 27001

  • Scopes for ISO 27001
  • Statement of Applicability (SOA)
  • Protection requirements assessment (SBF) with inheritance
  • ISO risk analyses and ISO audits

IT-Grundschutz

  • Information domain
  • Modeling with BSI building blocks
  • Verification of IT-Grundschutz requirements (IT-Grundschutz check)
  • Protection requirements assessment & inheritance in the BSI context

BCM

  • Business Impact Analysis (BIA):
      • pre-filtering
      • configuration (damage scenarios & time horizons)
      • assessment
      • target/actual comparisons
  • Strategies & solutions
  • Exercises & tests

NIS 2

  • NIS 2 scopes
  • NIS-specific risk management and audit management
  • Use of the same organization/asset inventory as IT-Grundschutz and ISMS

Data Protection

  • Data protection organization and roles
  • Processing activities, TOMs (technical and organizational measures), records
  • Interfaces with ISMS/IT-Grundschutz

This overview is designed to help you understand GRASP as a platform. For details on workflows and processes, refer to the respective module chapters.