New features in ADOGRC 13 LTS
Introducing ADOGRC 13.0 LTS, the latest and most significant update to our Governance, Risk & Compliance (GRC) suite.
Building on its strong foundation in Internal Control (ICS) and Risk Management (RM), BOC has made significant advancements in shaping ADOGRC 13.0 LTS into a Unified Compliance Platform. This powerful solution enables customers to efficiently streamline the management of multiple GRC scenarios and domains – all within a single tool.
This release focuses on two new scenarios: Compliance Management and Data Protection.
In the process, significant efforts were made to simplify and reduce the resources needed to create and support additional GRC scenarios and new regulatory requirements. These enhancements ensure that ADOGRC not only addresses current needs but is also easily adaptable to future regulatory changes and their evolving use cases.
Now, let's explore all the new features of ADOGRC 13.0 LTS in detail.
New Features for ADOGRC Users
ADOGRC as Unified Compliance Platform
As a Unified Compliance Platform, ADOGRC is designed to be a comprehensive solution for all compliance needs – built on the principles of a single source of truth and reliable information. ADOGRC centralizes and streamlines compliance management, ensuring consistency across all GRC activities. With a wide range of new features, ADOGRC enables users to focus on their specific GRC domains and tasks, providing a more efficient and targeted approach to managing risk, governance, and compliance across the entire organization.
ADOGRC Scenario Organisation & Filter
Compliance activities can now be organized more efficiently by assigning objects to specific GRC scenarios and domains. Combined with the filter in the top bar, switching between different scenarios is seamless, allowing a focus on only the most relevant data.
Quickly assign multiple objects to GRC scenarios using the bulk-assign option in the context menu. This simplifies the organization of your GRC activities and helps streamline your workflow.
Scenario-based Recommendations
The "New" section has been optimized to provide specific recommendations for each scenario. This helps you quickly find exactly what you need within the context of the selected GRC scenario.
Scenario-focused Overview
To deliver a more focused and efficient user experience, the ADOGRC start page now displays only the content, objects, and tasks relevant to the active scenarios.
ADOGRC Compliance Library
ADOGRC 13.0 LTS is shipped with the ADOGRC Compliance Library. Based on the Secure Controls Framework (SCF) version 2024.2.1 and enhanced with BOC best practices, it provides a unified approach to managing compliance across a wide range of regulations and industry standards. The SCF consolidates control objectives from multiple sources, enabling organizations to efficiently address diverse compliance requirements. Supported standards and frameworks include ISO 27001, ISO 31000, NIST CSF 2.0, EU-GDPR, EU-DORA, EU-NIS2, BSI 200-1, and many more.
Learn more about the SCF on their official site: https://securecontrolsframework.com
New Scenario: Compliance Management
The new scenario for Compliance Management operationalizes the object type Control Objective, adding well known ADOGRC features like a master-data workflow that includes scheduling, notifications, and reminders.
Additionally, ADOGRC 13.0 introduces a new object type Control Objective Assessment, designed to support periodic, workflow-based assessments of any compliance requirement.
Both object types offer dedicated My Dashboards for contributors, as well as the brand-new Inventory Dashboards, which display all control objectives and their assessments within the repository. Each object type also includes an Insights Dashboard, offering contextual views, direct access to reports, and related elements for a more comprehensive and intuitive user experience.
New Scenario: Data Protection
To stay on top of regulatory requirements regarding Data Protection, ADOGRC 13.0 now provides a master-data workflow for the object type Processing Activity. This workflow includes scheduling, notifications, and reminders, ensuring a structured and efficient management of data processing activities of an organization. Additionally, dedicated My Dashboards, Inventory Dashboards, and Insights Dashboards offer a clear, organized view of the entire data processing lifecycle – from the purpose of processing to the implementation of necessary technical and organizational measures. These enhancements enable organizations to maintain compliance and manage data protection with greater efficiency and clarity.
Inventory & Catalog Dashboards
To enhance transparency and ensure full control over all GRC objects within the repository, we have introduced Inventory Dashboards. Easily accessible from the top toolbar, these dashboards provide a comprehensive overview of all objects of the respective GRC object type that are relevant for the organization, enabling users to stay on top of the entire inventory and manage GRC objects more efficiently.
Through the Catalogs menu in the top toolbar, users can easily access available standard catalogs, such as the ADOGRC Compliance Library. If the ADOGRC Compliance Library is contained in the repository, it will be displayed for quick reference, enabling users to efficiently navigate and utilize this valuable compliance resource.
Quality of Life Improvements
ADOGRC 13.0 focuses on several quality-of-life improvements designed to streamline and simplify user workflows. These enhancements aim to make interactions more intuitive and efficient, significantly improving the overall user experience (UX). Below are some of the key improvements.
Bulk Creation of GRC Objects
To enhance the operationalization of GRC objects (e.g., Risks and Controls), we have introduced an option to create multiple Risk Assessments, Control Testings, Control Executions, and more at once.
Example: By selecting multiple Risks, an individual Risk Assessment is created for each of the selected objects. The newly created Risk Assessments are automatically linked to their corresponding Risks and inherit all relevant data. These Risk Assessments are then displayed in the tabular editor, where responsibilities and schedules can be easily adjusted.
Explorer: Tab "Objects" as Default
In GRC scenarios, users primarily focus on interacting with individual GRC objects (e.g. Risks, Controls, Initiatives). To streamline navigation and make it easier to find the relevant information, the "Objects" tab is now set as the default view, saving users an extra click each time they access the repository.
Redesigned Start Page
The ADOGRC start page now features a clean, modern design, providing a fresh new look. This redesign not only enhances visual appeal, but also improves navigation and usability, making it easier for users to access key information and manage tasks more efficiently.
Access All Relevant Information During Assessment and Review
To ensure users can always access relevant information, the latest update allows assessment & review dialogs to be minimized. This enables seamless navigation, letting users browse and locate necessary data while keeping the dialog open, resulting in a more efficient and flexible workflow.
Enhanced Editing Capabilities on ADOGRC Dashboards
All ADOGRC Dashboards now feature an Edit button in the header. This handy addition allows you to open a single object for editing or select multiple objects to modify simultaneously in the tabular editor. Managing your GRC objects is now more direct and flexible, putting control right at your fingertips.
New Features for Users of the ADOGRC Application Library
Compliance Management
With the addition of the new Compliance Management scenario, we have extended the ADOGRC Application Library with new capabilities. The most significant update is the introduction of a new object type called Control Objective Assessment. This object type enables the assessment of control objectives within various scopes, such as different organizational units or teams.
All assets now display related Control Objective Assessments within the Compliance chapter of the object's properties. This provides a comprehensive view of compliance assessments.
Additionally, you can now assign Control Objectives and Control Objective Assessments at the process step level in the Task objects as well.
In German, the object type "Kontrollziel" (Control Objective) has been renamed to "Vorgabe" to make it more intuitive and easier to understand for users.
The availability of this feature depends on the license.
Data Protection
To meet the requirements of the EU-GDPR, we have extended the metamodel to allow documentation of Processing Activities. The new object type helps users record and manage data processing activities and link them to any relevant assets.
In addition, we have added a new chapter called Data protection to the properties of the following object types, which displays all connected Processing Activities:
- Organisational Unit
- Process
- Application
- Application Interface
- Role
- External Partner
- Entity
Finally, a number of new predefined chart templates (prefixed with "Data Protection:") for Gantt and Matrix charts and the Dependency Modeller help you analyse the documented Processing Activities.
With these extensions, you can now document the Processing Activities that affect sensitive data, document reasons and scope as required by the EU-GDPR and have your processes audit ready – all within just one click.
The availability of this feature depends on the license.
Additional Improvements
"General information" & "Extended information" Chapters for GRC Objects
To enhance clarity and maintain consistency, we have restructured the object properties dialog.
The chapter General information contains the most relevant information – especially concerning relevant master data.
All other additional attributes were added to the chapter Extended information. Here, you will also find the option to assign objects to specific GRC Scenarios.
ADONIS 16 Library Extensions
As the ADOGRC Application Library is built upon the ADONIS BPMS Library, you automatically also benefit from a range of additional improvements. Check out the new features of ADONIS 16, including:
- Strategy and Performance Management
- Business Continuity Management (BCM)
- and further methodical improvements
New Features for ADOGRC Administrators
New ADOGRC Administration
The completely redesigned and extended ADOGRC Administration allows you to perform all administrative tasks directly from the browser, replacing the Administration Toolkit desktop application.
The ADOGRC Administration includes the following components:
- Users: Create, edit, and delete user groups and users. Import and export users. Track administrative actions in the audit log.
- Rights: Manage permissions for user groups and users. Grant or revoke access to content as needed.
- System Roles: Create, edit, and delete system roles, and assign members to system roles.
- Libraries: Update, import and export libraries. Manage the text resources of the metamodel.
- Repositories: Manage Repositories. Import and export models, objects, repositories and migration packages.
- Properties: A brand new optional, licensable add-on module for extending the metamodel (more on this below). Add, change, remove and organise properties of object and model types.
- Settings: Configure a wide range of library-specific features.
- Licence: View licence information and add a new licence if necessary.
- Authentication: Configure the way users can connect and log into the application.
In addition to the above components, the Tools menu grants access to advanced settings, including security settings, support information and the ability to perform maintenance tasks.
For instructions on using all features of the new Administration, please refer to the Administration Help of the base product ADONIS 16.1.
The new web-based Administration still provides the same functional scope of the previous desktop application but allows for a much more modern and user friendly layout. We have renamed some settings and options to make them more consistent and intuitive to understand, but the overall functionality is still the same and continues to facilitate the same flow in administrative tasks you are used to.
There are also some new components and settings as well as some which now offer a larger array of capabilities. These are described in the following sections.
Properties: A New Module for Extending the Metamodel
The Properties module, now available in the ADOGRC Administration, provides you with the flexibility to tailor the properties of object and model types to meet your organisation's needs.
You have full control over the allocation of properties, allowing you to structure them into chapters and groups as needed. At the granular level of individual properties, you can effortlessly assign or remove existing attributes and relations, and even introduce new attributes to an element.
Furthermore, you can modify default values for enumeration and Boolean attributes, and expand the value range for enumeration attributes. Additionally, you can change attribute help texts and specify which attributes are mandatory.
For details, please refer to the section "Properties" in the Administration Help of the base product ADONIS 16.1.
Attributes managed by ADOGRC workflows, such as assessment attributes, cannot be changed in the UI.
The availability of this feature depends on the license.
Combined ADOGRC & ADONIS Installation Package
Starting with ADOGRC 13.0, ADOGRC is now delivered as a combined Installation Package consisting of ADONIS and ADOGRC. The installation and upgrade procedures generally stay in place but some steps may have changed and are now executed in the ADOGRC Administration. For the upgrade procedure, follow the ADONIS documentation and also review and verify that the ADOGRC specific configuration as detailed in the ADOGRC Setup Guide is in place.
Removed Features
This section lists features that have been removed from ADOGRC 13.0
Administration Toolkit
The desktop application Administration Toolkit (aaws.exe) has been removed from ADOGRC 13.0 and replaced with the web-based ADOGRC Administration.
Database Administration
The tool Database Administration (adbinstws.exe) has been removed from ADOGRC 13.0.
Set up System Users (Deprecated)
The deprecated authentication mechanism "Standard (System Users)" which allowed manually importing "System Users" from the directory service Microsoft Active Directory directly from the Administration Toolkit is not supported anymore.
Migration Notes
Important notes for migrating from the earlier version of ADOGRC to ADOGRC 13.0
Changes to Software Requirements
Please note the following changes to the software requirements for running ADOGRC when migrating from previous versions.
No longer supported:
- Tomcat 8 and Tomcat 9
- Java 8 and Java 11
Added support for:
- Tomcat 10.1
- Java 17