Skip to main content
Version: 13 LTS

New features in ADOGRC 13 LTS

Introducing ADOGRC 13.0 LTS, the latest and most significant update to our Governance, Risk & Compliance (GRC) suite.

Building on its strong foundation in Internal Control (ICS) and Risk Management (RM), BOC has made significant advancements in shaping ADOGRC 13.0 LTS into a Unified Compliance Platform. This powerful solution enables customers to efficiently streamline the management of multiple GRC scenarios and domains – all within a single tool.

This release focuses on two new scenarios: Compliance Management and Data Protection.

In the process, significant efforts were made to simplify and reduce the resources needed to create and support additional GRC scenarios and new regulatory requirements. These enhancements ensure that ADOGRC not only addresses current needs but is also easily adaptable to future regulatory changes and their evolving use cases.

Now, let's explore all the new features of ADOGRC 13.0 LTS in detail.

New Features for ADOGRC Users

ADOGRC as Unified Compliance Platform

As a Unified Compliance Platform, ADOGRC is designed to be a comprehensive solution for all compliance needs – built on the principles of a single source of truth and reliable information. ADOGRC centralizes and streamlines compliance management, ensuring consistency across all GRC activities. With a wide range of new features, ADOGRC enables users to focus on their specific GRC domains and tasks, providing a more efficient and targeted approach to managing risk, governance, and compliance across the entire organization.

ADOGRC Scenario Organisation & Filter

Compliance activities can now be organized more efficiently by assigning objects to specific GRC scenarios and domains. Combined with the filter in the top bar, switching between different scenarios is seamless, allowing a focus on only the most relevant data.

Organisation & Filter Pending Actions

Quickly assign multiple objects to GRC scenarios using the bulk-assign option in the context menu. This simplifies the organization of your GRC activities and helps streamline your workflow.

Organisation and Filter Dashboard

Scenario-based Recommendations

The "New" section has been optimized to provide specific recommendations for each scenario. This helps you quickly find exactly what you need within the context of the selected GRC scenario.

Recommendations

Scenario-focused Overview

To deliver a more focused and efficient user experience, the ADOGRC start page now displays only the content, objects, and tasks relevant to the active scenarios.

Scenario Overview

ADOGRC Compliance Library

ADOGRC 13.0 LTS is shipped with the ADOGRC Compliance Library. Based on the Secure Controls Framework (SCF) version 2024.2.1 and enhanced with BOC best practices, it provides a unified approach to managing compliance across a wide range of regulations and industry standards. The SCF consolidates control objectives from multiple sources, enabling organizations to efficiently address diverse compliance requirements. Supported standards and frameworks include ISO 27001, ISO 31000, NIST CSF 2.0, EU-GDPR, EU-DORA, EU-NIS2, BSI 200-1, and many more.

Learn more about the SCF on their official site: https://securecontrolsframework.com

Control Objective Catalog ADOGRC Compliance Library

New Scenario: Compliance Management

The new scenario for Compliance Management operationalizes the object type Control Objective, adding well known ADOGRC features like a master-data workflow that includes scheduling, notifications, and reminders.

Additionally, ADOGRC 13.0 introduces a new object type Control Objective Assessment, designed to support periodic, workflow-based assessments of any compliance requirement.

Both object types offer dedicated My Dashboards for contributors, as well as the brand-new Inventory Dashboards, which display all control objectives and their assessments within the repository. Each object type also includes an Insights Dashboard, offering contextual views, direct access to reports, and related elements for a more comprehensive and intuitive user experience.

Compliance Scenario

New Scenario: Data Protection

To stay on top of regulatory requirements regarding Data Protection, ADOGRC 13.0 now provides a master-data workflow for the object type Processing Activity. This workflow includes scheduling, notifications, and reminders, ensuring a structured and efficient management of data processing activities of an organization. Additionally, dedicated My Dashboards, Inventory Dashboards, and Insights Dashboards offer a clear, organized view of the entire data processing lifecycle – from the purpose of processing to the implementation of necessary technical and organizational measures. These enhancements enable organizations to maintain compliance and manage data protection with greater efficiency and clarity.

Processing Activity Insights

Processing Activity Overview

Inventory & Catalog Dashboards

To enhance transparency and ensure full control over all GRC objects within the repository, we have introduced Inventory Dashboards. Easily accessible from the top toolbar, these dashboards provide a comprehensive overview of all objects of the respective GRC object type that are relevant for the organization, enabling users to stay on top of the entire inventory and manage GRC objects more efficiently.

Through the Catalogs menu in the top toolbar, users can easily access available standard catalogs, such as the ADOGRC Compliance Library. If the ADOGRC Compliance Library is contained in the repository, it will be displayed for quick reference, enabling users to efficiently navigate and utilize this valuable compliance resource.

Inventory and Catalog

Quality of Life Improvements

ADOGRC 13.0 focuses on several quality-of-life improvements designed to streamline and simplify user workflows. These enhancements aim to make interactions more intuitive and efficient, significantly improving the overall user experience (UX). Below are some of the key improvements.

Bulk Creation of GRC Objects

To enhance the operationalization of GRC objects (e.g., Risks and Controls), we have introduced an option to create multiple Risk Assessments, Control Testings, Control Executions, and more at once.

Example: By selecting multiple Risks, an individual Risk Assessment is created for each of the selected objects. The newly created Risk Assessments are automatically linked to their corresponding Risks and inherit all relevant data. These Risk Assessments are then displayed in the tabular editor, where responsibilities and schedules can be easily adjusted.

Bulk Creation Bulk Creation Result

Explorer: Tab "Objects" as Default

In GRC scenarios, users primarily focus on interacting with individual GRC objects (e.g. Risks, Controls, Initiatives). To streamline navigation and make it easier to find the relevant information, the "Objects" tab is now set as the default view, saving users an extra click each time they access the repository.

Objects Tab in Explorer

Redesigned Start Page

The ADOGRC start page now features a clean, modern design, providing a fresh new look. This redesign not only enhances visual appeal, but also improves navigation and usability, making it easier for users to access key information and manage tasks more efficiently.

Startpage Design Refresh

Access All Relevant Information During Assessment and Review

To ensure users can always access relevant information, the latest update allows assessment & review dialogs to be minimized. This enables seamless navigation, letting users browse and locate necessary data while keeping the dialog open, resulting in a more efficient and flexible workflow.

Dialogs don't Block Content

Enhanced Editing Capabilities on ADOGRC Dashboards

All ADOGRC Dashboards now feature an Edit button in the header. This handy addition allows you to open a single object for editing or select multiple objects to modify simultaneously in the tabular editor. Managing your GRC objects is now more direct and flexible, putting control right at your fingertips.

Edit Button on Dashboard

New Features for Users of the ADOGRC Application Library

Compliance Management

With the addition of the new Compliance Management scenario, we have extended the ADOGRC Application Library with new capabilities. The most significant update is the introduction of a new object type called Control Objective Assessment. This object type enables the assessment of control objectives within various scopes, such as different organizational units or teams.

All assets now display related Control Objective Assessments within the Compliance chapter of the object's properties. This provides a comprehensive view of compliance assessments.

Control Objectives and Control Objective Assessments

Additionally, you can now assign Control Objectives and Control Objective Assessments at the process step level in the Task objects as well.

Control Objectives to Tasks

note

In German, the object type "Kontrollziel" (Control Objective) has been renamed to "Vorgabe" to make it more intuitive and easier to understand for users.

note

The availability of this feature depends on the license.

Data Protection

To meet the requirements of the EU-GDPR, we have extended the metamodel to allow documentation of Processing Activities. The new object type helps users record and manage data processing activities and link them to any relevant assets.

Processing Activity Context Widget

In addition, we have added a new chapter called Data protection to the properties of the following object types, which displays all connected Processing Activities:

  • Organisational Unit
  • Process
  • Application
  • Application Interface
  • Role
  • External Partner
  • Entity

Finally, a number of new predefined chart templates (prefixed with "Data Protection:") for Gantt and Matrix charts and the Dependency Modeller help you analyse the documented Processing Activities.

New Templates

With these extensions, you can now document the Processing Activities that affect sensitive data, document reasons and scope as required by the EU-GDPR and have your processes audit ready – all within just one click.

note

The availability of this feature depends on the license.

Additional Improvements

"General information" & "Extended information" Chapters for GRC Objects

To enhance clarity and maintain consistency, we have restructured the object properties dialog.

The chapter General information contains the most relevant information – especially concerning relevant master data.

All other additional attributes were added to the chapter Extended information. Here, you will also find the option to assign objects to specific GRC Scenarios.

Extended information

ADONIS 16 Library Extensions

As the ADOGRC Application Library is built upon the ADONIS BPMS Library, you automatically also benefit from a range of additional improvements. Check out the new features of ADONIS 16, including:

New Features for ADOGRC Administrators

New ADOGRC Administration

The completely redesigned and extended ADOGRC Administration allows you to perform all administrative tasks directly from the browser, replacing the Administration Toolkit desktop application.

Administration

The ADOGRC Administration includes the following components:

  • Users: Create, edit, and delete user groups and users. Import and export users. Track administrative actions in the audit log.
  • Rights: Manage permissions for user groups and users. Grant or revoke access to content as needed.
  • System Roles: Create, edit, and delete system roles, and assign members to system roles.
  • Libraries: Update, import and export libraries. Manage the text resources of the metamodel.
  • Repositories: Manage Repositories. Import and export models, objects, repositories and migration packages.
  • Properties: A brand new optional, licensable add-on module for extending the metamodel (more on this below). Add, change, remove and organise properties of object and model types.
  • Settings: Configure a wide range of library-specific features.
  • Licence: View licence information and add a new licence if necessary.
  • Authentication: Configure the way users can connect and log into the application.

In addition to the above components, the Tools menu grants access to advanced settings, including security settings, support information and the ability to perform maintenance tasks.

note

For instructions on using all features of the new Administration, please refer to the Administration Help of the base product ADONIS 16.1.

The new web-based Administration still provides the same functional scope of the previous desktop application but allows for a much more modern and user friendly layout. We have renamed some settings and options to make them more consistent and intuitive to understand, but the overall functionality is still the same and continues to facilitate the same flow in administrative tasks you are used to.

There are also some new components and settings as well as some which now offer a larger array of capabilities. These are described in the following sections.

Properties: A New Module for Extending the Metamodel

The Properties module, now available in the ADOGRC Administration, provides you with the flexibility to tailor the properties of object and model types to meet your organisation's needs.

You have full control over the allocation of properties, allowing you to structure them into chapters and groups as needed. At the granular level of individual properties, you can effortlessly assign or remove existing attributes and relations, and even introduce new attributes to an element.

Properties Management

Furthermore, you can modify default values for enumeration and Boolean attributes, and expand the value range for enumeration attributes. Additionally, you can change attribute help texts and specify which attributes are mandatory.
For details, please refer to the section "Properties" in the Administration Help of the base product ADONIS 16.1.

note

Attributes managed by ADOGRC workflows, such as assessment attributes, cannot be changed in the UI.

note

The availability of this feature depends on the license.

Combined ADOGRC & ADONIS Installation Package

Starting with ADOGRC 13.0, ADOGRC is now delivered as a combined Installation Package consisting of ADONIS and ADOGRC. The installation and upgrade procedures generally stay in place but some steps may have changed and are now executed in the ADOGRC Administration. For the upgrade procedure, follow the ADONIS documentation and also review and verify that the ADOGRC specific configuration as detailed in the ADOGRC Setup Guide is in place.

Removed Features

This section lists features that have been removed from ADOGRC 13.0

Administration Toolkit

The desktop application Administration Toolkit (aaws.exe) has been removed from ADOGRC 13.0 and replaced with the web-based ADOGRC Administration.

Database Administration

The tool Database Administration (adbinstws.exe) has been removed from ADOGRC 13.0.

Set up System Users (Deprecated)

The deprecated authentication mechanism "Standard (System Users)" which allowed manually importing "System Users" from the directory service Microsoft Active Directory directly from the Administration Toolkit is not supported anymore.

Migration Notes

Important notes for migrating from the earlier version of ADOGRC to ADOGRC 13.0

Changes to Software Requirements

Please note the following changes to the software requirements for running ADOGRC when migrating from previous versions.

No longer supported:

  • Tomcat 8 and Tomcat 9
  • Java 8 and Java 11

Added support for:

  • Tomcat 10.1
  • Java 17