Security and transparency for your IT

GRC issues and the associated legal requirements have long-lasting consequences for the information and communication strategies and structures of companies. On the one hand, new tasks are required of IT, while on the other hand, the controlling mechanisms and opportunities for companies and their customers are improved.

This development affects not only large, international corporations but in general all companies and institutions with social relevance, such as energy providers, telecommunications companies, public agencies and authorities.

Most of the new compliance regulations come from the world of finance: Basel II, the Sarbanes-Oxley Act (SOX) and the 8th EU Directive (Euro-SOX). The balance sheet figures, files and transactions that must be submitted and made verifiable according to these regulations are all processed and archived by a company’s IT systems. As a result, these rules apply automatically to the work of the IT departments. Additional requirements arise from national statutes as well as group-internal rules and regulations (ISO quality standards, etc.).

For the IT department at your company, this means the need for consistent and careful risk management (identification, assessment and effective reduction of risks).

Kapsch analyzes and evaluates IT business services with CRISAM, the corporate risk application method, a detailed risk assessment that takes into account all applicable regulatory frameworks. This not only creates a basis for certifications but also allows potential risks associated with corporate IT to be avoided or quickly identified and remedied. With CRISAM as a third-generation risk tool, the weighted risks can be expressed in € values. The planned investments can then be checked in advance for commercial feasibility based on a cost-benefit analysis.

The results of the analysis also support other ICT tasks, such as service management. On the basis of the CRISAM reports, it is possible to very efficiently create disaster recovery plans (emergency manuals) or requirements for service level agreements (SLAs).