Software AG - ARIS Governance, Risk and Compliance Management
Risk and Compliance is part of the market-leading ARIS Platform. Compliance managers, audit managers, risk management specialists, financial controllers and auditors appreciate the completeness of ARIS Risk & Compliance. Risk & Compliance Management with ARIS harmonizes different GRC methods and combines risk & compliance with Business Process Management (BPM).
Features
- Manage enterprise-wide compliance
- Build an efficient internal control system
- Meet internal and external requirements
- Save time through automated testing workflow and email notifications
- Track all entries and changes via a seamless audit trail
- Use escalation workflow for ineffective controls and to define responsibilities
- Create issue management for any problems and weaknesses
- Action tracking helps ensure follow-up on every defined activity
- Model questionnaire templates to generate surveys for specific subject groups
- Track responses and analyze the results at any time
Benefits
- Risk assessment workflow with clear responsibilities and email notifications
- Evaluate risks for financial impact and probability
- Use comprehensive workflow for incident and loss management
- Identify new risks and integrate them in the risk system
- Use fully integrated workflow for policy management and GRC management
- Map policies to business context with responsibilities, and affected processes.
- Gain transparency into every process and 100 percent data coverage
- Trigger workflow tasks for immediate action automatically
- Increased governance of data
- Viewpoints for regulation specific questions
Pricing
£6,600 a user a year
- Education pricing available
- Free trial available
Framework
G-Cloud 14
Service ID
782651027829043
Contact
Software AG (UK) Limited
Maurice Hancock
Telephone: 07964 244563
Email: maurice.hancock@softwareag.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
Software AG's Digital Business Platform, which includes but is not limited to:
ARIS - BPM
Alfabet
webMethods
Terracotta
APAMA
The platform connects customers' existing applications and data sets together to achieve business and technical transformation.
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- None - Software AG offers a flexible deployment model that can be suited to the customer requirements. This includes Public, Private or Hybrid cloud deployments using a variety of technologies.
- System requirements
- System requirements are not applicable, as these are managed cloud solutions.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times are SLA specific and dependent on overall solution needs.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- With standard support offerings, Software AG provides 4 Support levels termed as Critical Priority, High Priority, Medium Priority and Low Priority - all of which have target response times detailed in the SLA. Standard Support comes with the product for a standard fee. For more tailored support, clients can select a Managed Service option whereby the SLAs and response times are configured in accordance with their requests. This service can include aspects such as Technical Account Manager, Capacity Management and any other service the client might want to add. The fee for the managed service is determined by the service required.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Standard training and full documentation are provided. Training, documentation and videos can also be tailored or created to meet specific customer requirements. Train the trainer is also available upon request.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Open standard exporting of Data can be provided at Contract end using tooling capability.
- End-of-contract process
- At the end of the contract, customers typically decide to continue with the service. Alternatively, they can choose to export the data, for example to another service provider. Software AG is happy to assist with this process.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
All applications have been optimised to work with both Android and iOS.
User experience can be designed to ensure that the user interface is optimised to be used on the mobile device.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- ARIS REST API is mainly used to exchange data between ARIS and third-party systems. It supports retrieving, creating, deleting, and updating information in the repository.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- End user interfaces - look and feel can be completely customised and branded. Furthermore, the underlying metamodel, model types, workflows, reports and macros can be customised. Users need an Admin profile to do such customisations
Scaling
- Independence of resources
- Scoping and on-boarding processes define the optimum specification for the customer's requirements. The required amount of computer capacity is assigned to the customer. Software AG technology is fully equipped to leverage scalable hosting via AWS.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Software Cloud Operations provides SLA performance monitoring for AWS cloud resources and the applications executed by customers and publishes our most up-to-the-minute information on service availability on the Service Health Dashboard. AWS CloudWatch provides monitoring for AWS cloud resources and the applications customers execute on AWS. Refer to aws.amazon.com/cloudwatch for additional details.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Exporting of Data can be achieved using open standards for example CSV and XML formats
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- MS Office
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- MS Office
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- 99.99, assured by contractual commitment
- Approach to resilience
- Software AG’s cloud services provide 99.99% infrastructure availability (over AWS) and 99.99% availability for the solution itself.
- Outage reporting
-
Software AG’s Cloud Trust Centre website provides web-based access to
• Live data on our cloud system availability
• Current and historical information on system performance
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Authentication is required and implemented for access to cloud accounts, and account activities are logged using AWS CloudTrail services. In addition, the cloud product permits the configuration of a connection to the customer's Single Sign-On services through an identity federation capability via SAML2. The AWS Identity and Access Management (IAM) service also provides identity federation to the AWS Management Console. Multi-factor authentication is an optional feature that a customer can utilize. Certification-based authentication is not required.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- DQS GmbH
- ISO/IEC 27001 accreditation date
- 26/01/2021
- What the ISO/IEC 27001 doesn’t cover
- Software AG has certification for compliance with ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. Software AG Standard and Managed Cloud Services as listed in the certification scope statement delivered by Cloud Operations and PS Managed Services including supporting operation functions. https://www.softwareag.com/en_corporate/company/iso-certified.html
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019
- Complies with SOC 2 standards
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Security testing and policies
(SOC) Type II, independent third-party auditor certification
AICPA Trust Services
Implement and maintain a standards based ISMS
Comply with (IaaS) provider, Amazon Web Services security policy
Cloud Security Alliance (CSA)
CSA Consensus Assessment Initiative Questionnaire (CAIQ)
Security testing type
Penetration testing
IT Health Checks
Risk analysis
Other
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Components of the service are tracked through the lifetime via standard services which include regular upgrades to latest software versions (following release cycle); seamless patching during maintenance windows to minimize vulnerabilities or bug impact; performance monitoring and service continuity and recovery procedures for high up-time.
Changes are assessed for potential security impact through security testing performed after each release or change to the cloud environment. A standard release process is used to manage the changes and track through to completion.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
A formal risk management program is used to identify potential new threats, vulnerabilities or exploitation techniques which could affect the service. These are assessed and corrective action is taken. Depending on severity, Critical patches are assessed and installed within 48 hours, Important patches in the next maintenance release and Moderate patches in the next general release.
Relevant sources of information relating to threat, vulnerability and exploitation techniques are monitored by the service provider. This includes threat/security awareness systems, vulnerability databases, security bulletins/advisories/RSS feeds.
Service provider timescales for implementing mitigations are understood and are deemed acceptable.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our auditor’s SOC 2 Type II report certifies the operational effectiveness of our systems that keep your sensitive data secure. This provides a high level of transparency into our controls that mitigate operational and compliance risks. Because it requires an attestation by an independent and objective CPA who bears professional liability for his or her opinion, the SOC 2 is more stringent and credible than other types of reporting on information security controls
- Incident management type
- Undisclosed
- Incident management approach
- All Cloud Products are covered by Software AG's Standard Support Agreement. Support issues should be raised through Software AG’s customer service portal, Empower, which is available 24x7. Three levels of support are available, with standard support offering 24x7 access to the support portal, 9 to 5 telephone support for standard and critical incidents and 24x7 support service for crisis incidents
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Sustainability and responsible action are guiding principles in Software AG’s business operations. We are certain that ethically correct behaviour and economic success belong together. To protect future generations and our planet, Software AG is committed to creating not only economic, but also ecological and social value.
Software AG is actively striving to reduce its environmental footprint. To mitigate the effects of its business activities on the planet, we are working toward a plan to become climate-neutral as quickly as possible by setting targets in the environmental area. With the help of its technology and solutions, Software AG will join forces with its customers and partners to tackle the most significant environmental challenges of the modern world and help mitigate the climate crisis, ultimately shaping a more sustainable future.
Covid-19 recovery
Since the beginning of the COVID-19 pandemic in 2020, four years have passed, and the global economy is still recovering from the adverse effects of multiple lockdowns in most countries of the world. Fortunately, the freezing of companies, postponed or extended investment activities, and extensive restrictions on business travel only had minor effects on Software AG’s business operations. We implemented a hybrid working model with many business meetings, trainings, and other operations being conducted online. Today, this has become the default working model, which not only has not hindered business operations but allowed for greater flexibility and increased efficiency for employees and business partners alike.
The COVID-19 crisis shed light on the lack of digitalization in business processes worldwide. This resulted in additional business opportunities for Software AG, particularly in the Digital Business segment, which would compensate, or even overcompensate, for the negative effects on the global economy.
Tackling economic inequality
Sustainable economic growth is of key significance to Software AG's business since it contributes to our long-term stability and positive impact on our employees, investors, and customers. Software AG’s leadership is convinced that having a sustainable business strategy not only promotes economic growth but is also essential to live up to the Company's own requirements pertaining to ESG matters.
Software AG recognizes the need to address economic inequality on a global scale and within the UK. We are committed to tackling the issue through various initiatives aimed at creating new jobs and business opportunities, while simultaneously increasing the resilience of its supply chain and sustainable practices therein. To achieve this goal, Software AG would prioritize job creation initiatives, training and development of employees’ skills, and vital partnerships with local communities and organizations to enhance the development of less privileged individuals. To enhance its supply chain, we would work towards expanding our sourcing options and fostering partnerships with local suppliers in the UK.
Equal opportunity
A company’s corporate culture, encompassing its values and norms, serves as the glue that holds it together. This culture not only influences employee performance, but also facilitates the achievement of business objectives. It is supported by a framework that outlines the expectations for individual behaviour, beliefs, actions, and decisions. In March 2022, Software AG introduced its Culture Framework, which is focused around three core Ps: people, passion, and products, serving as the backbone of Software AG’s operations. The Culture Framework establishes inclusion, integrity, and innovation as the fundamental values guiding leadership practices. These values unite Software AG as a company and offer practical guidance on communication, interaction, and decision-making. Diversity, equity, and inclusion (DE&I) are an integral part of Software AG’s Culture Framework. Recognizing the interconnectedness of corporate culture, employee satisfaction, and engagement, Software AG has implemented a variety of initiatives to better understand these principles and positively influence its corporate culture.
The dedication shown by Software AG's employees, coupled with their professional and personal abilities, decisively contributes to our success. Overlooking employee concerns poses a fundamental risk of (generally indirect) negative impacts on business performance. Examples of this include situations when low employee satisfaction leads to attrition and a loss of company-specific expertise, or when a lack of diversity in the corporate environment hampers innovation. For this reason, Software AG deploys a variety of initiatives aimed at fostering high employee satisfaction and nurturing an innovative and diverse corporate culture while actively monitoring employee engagement.
Since 2020, Software AG has been a member of The Valuable 500, a global business collective of companies dedicated to innovation in disability inclusion. Software AG is also a member of the Initiative Women into Leadership (IWiL), a non-profit association that facilitates long-term mentoring and promotion of women at the top level.
Wellbeing
Software AG is committed to fostering a corporate culture grounded in respect, transparency, and inclusion. The company continues to focus on attracting and retaining the best talent, nurtured through employee engagement and an inclusive and equitable working environment, where all employees can thrive and unleash their full potential.
Software AG offers an Employee Assistance Program (EAP), which provides employees with around-the-clock professional counselling free of charge. Yet, Software AG not only takes care of its own employees but is actively involved in improving community integration. For instance, our own Give Back to the World initiative engages in several projects in the UK with an environmental or social value, tackling issues such as prevention of domestic violence, mitigation of deforestation, and promoting a healthy and active lifestyle.
Pricing
- Price
- £6,600 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A free trial offering full functionality for testing is available from our website for 30 days.
- Link to free trial
- https://techcommunity.softwareag.com/en_en/downloads.html