GRC – Management that just works.

The transition is very easy thanks to our Smart Content AI and flexible import interfaces. Existing Excel lists (e.g., inventory, asset lists) can be uploaded directly into the central database via CSV/XLSX import. For missing content, our AI assistant AKAI is here to help: Based on your industry, it automatically generates suggestions for threats, risks, and mitigation measures. Many customers report time savings of up to 80% during the initial setup compared to manual maintenance.

The AKARION GRC Cloud digitally maps the entire PDCA cycle (Plan-Do-Check-Act) of an ISMS. You benefit from predefined catalogs of controls and an integrated risk analysis that complies with ISO 27005. Particularly valuable for the audit: Our software generates the Statement of Applicability (SoA) virtually at the push of a button, since all controls are directly linked to your assets and risks. Thanks to centralized document control and version history, you can provide every auditor with complete proof of who approved or changed which policy and when.

Yes, absolutely. AKARION is listed by the BSI as an official provider of IT-Grundschutz tools. Our platform fully supports the standards of the BSI 200-x series (200-1, 200-2, 200-3, 200-4). You can import the current Grundschutz compendium directly and model your IT structure using building blocks. The software automates the determination of protection requirements and inheritance, so you can immediately see which measures (basic requirements, standard, increased protection requirements) are still pending for which systems.

We are committed to staying up to date. As a listed provider of Grundschutz tools, we keep the modules of the BSI Compendium constantly updated (e.g., 2023/2024 edition). Updates are deployed centrally. If requirements for a module (e.g., APP.3.1 Web Applications) change, you can immediately see in the system which of your assets are affected and where action is needed. This saves you days of poring over PDF documents.

The NIS 2 Directive requires companies to implement stricter measures in the areas of risk management, supply chain security, and reporting. The GRC Cloud addresses these exact points in an integrated manner:

1. Asset Assessment: Mark assets and processes as "NIS-2 relevant" and automatically propagate this status to dependent systems.

2. Incident Management: Record security incidents centrally and automatically monitor legal reporting deadlines to avoid fines.

3. Supplier Management: Use the audit module to regularly and verifiably assess the security of your supply chain.

Yes, that is a core feature of our incident management module. NIS-2 mandates strict reporting procedures and deadlines (e.g., early warning within 24 hours). The GRC Cloud monitors these deadlines for you. You can classify and assess security incidents directly in the system and export the necessary information for reporting to the BSI or national CSIRTs. This helps you avoid compliance violations in hectic crisis situations.

Absolutely. The strength of our platform lies in eliminating duplicate work. Many requirements of ISO 27001 and TISAX® (or BSI C5) overlap. In AKARION, you can easily map a measure (e.g., “access control”) to multiple standards at once. This means you document the implementation only once, but meet the requirements of both frameworks. This drastically reduces your maintenance effort.

The software is flexible and supports common standards such as ISO 27005, BSI Standard 200-3, and ONR 49000. You can define your own risk matrix (e.g., 5x5) and customize damage scenarios. Whether you prefer a qualitative or quantitative risk analysis, the GRC Cloud provides you with the tools and visualizes your top risks in real-time dashboards.