Crisam Logo
  • Solutions
    Solutions
    • Risk & Resilience
    • Compliance, Controls & Security
    • Audit & Assurance
    • Reporting
  • Industries
    Industries
    • Financial Services
    • Energy & Utilities
    • Healthcare & Pharmaceuticals
    • Industrial & Manufacturing
    • Public Sector & Infrastructure
    • Technology & Telecommunications
  • Platform
    Platform
    • Platform Capabilities
    • Oversight & Governance
    • Configurable workflows
    • Centralised GRC data model
    • Risk & control libraries
    • Evidence management
    • Action tracking
    • Automated reports
    • Board reporting
    • Roles & permissions
    • Audit trails
    • Multi-entity structures
  • Process
  • Customers
  • About CRISAM®
  • en-gb
    • de
    • en
Contact us
  • Sprache
    • de
    • en
  • Solutions
    • Risk & Resilience
    • Compliance, Controls & Security
    • Audit & Assurance
    • Reporting
  • Industries
    • Financial Services
    • Energy & Utilities
    • Healthcare & Pharmaceuticals
    • Industrial & Manufacturing
    • Public Sector & Infrastructure
    • Technology & Telecommunications
  • Platform
    • Platform Capabilities
      • Configurable workflows
      • Centralised GRC data model
      • Risk & control libraries
      • Evidence management
      • Action tracking
    • Oversight & Governance
      • Automated reports
      • Board reporting
      • Roles & permissions
      • Audit trails
      • Multi-entity structures
  • Process
  • Customers
  • About CRISAM®
  • Contact us
GRC Software for Risk, Compliance, Audit & Reporting | CRISAM®
  1. Home
  2. /
  3. Solutions
solutions overview

Four solution areas.
One GRC platform.

From enterprise risk to compliance, audit and board reporting, CRISAM® covers the full breadth of governance, risk and compliance in around 17 modules, all built on the process model of ISO 31000. Adopt one module, or run them as one system.

Book a demo See the four areas
20+Years of experience
4Solution areas
~17Modules
500+Organisations
The platform at a glance
ISO 31000 one method Risk & Resilience Compliance & Security Audit & Assurance Reporting
customers

Trusted by 500+ organisations across regulated sectors

From listed corporations to mid-market leaders, CRISAM® supports risk, controls and audit teams in pharma, financial services, energy, manufacturing, logistics, public sector and beyond.

Pfeiffer Vacuum
Hapag-Lloyd
Dräger
STADA
Vaillant Group
Vossloh
Lenzing
Claudia Tillinger
01 · solution area

Risk & Resilience

Connect enterprise risk, operational resilience, business continuity and project risk in one structured GRC environment, so exposure is quantified, owned and steered rather than scattered across teams.

Discuss your risk setup
Abstract CRISAM® risk matrix Enterprise risk matrix Likelihood →
Module

Integrated Risk Management

Configurable standard software for enterprise-wide risk; reporting for IDW PS 340 (n.F.) is included out of the box.

Module

Information Security Management (ISMS)

A true ISMS: it assesses risk as deviation from a referenced “state of the art” and by business relevance, making risk the steering instrument for IT.

Module

Business Continuity Management

Build a tailored BCM methodically to ISO 22301 and BSI 200-4, with interdisciplinary data and meaningful reporting.

Module

Project Risk Management

Surface organisational, financial, steering and management risks across the project lifecycle before they materialise.

Module

Supply Chain Security Monitoring

Detect current threats and cyber risks across your supply chain in real time, the recurring top business risk.

Module

DORA: Digital Operational Resilience

Operational resilience for financial entities. Sits in Resilience but is regulation-driven, also relevant to Compliance.

Abstract CRISAM® controls and obligations Controls & obligations
02 · solution area

Compliance, Controls & Security

Manage compliance, policies, internal controls, ISMS and data protection with clear ownership and evidence, and answer a control requirement once to satisfy several standards at the same time.

Map your obligations
Module

Compliance Management

Automate critical compliance processes to ensure adherence to regulations and reduce risk.

Module

Data Protection Management

Stand up an effective DSMS with included processes, policies, workflows and reports for every maturity stage.

Module

Tax Compliance Management System

Document the principles and measures that secure tax obligations and prevent breaches of tax law.

Module

Legal Register

Maintain a legal register, assess relevance and process impact, and report on regulatory changes and their significance.

Module

ESG

Manage sustainability goals and minimise ESG risk on one intuitive platform. Strong overlap with CSRD reporting.

Module

Conflicts of Interest

Streamline COI reviews and approvals, replacing Excel and manual processes with a modern compliance workflow.

Module

Approvals & Disclosures Workflow

Design anti-bribery, fraud, sanctions and conflict-of-interest programmes with automated approval workflows.

Module

Legal Hold

Preserve relevant information during pending or anticipated litigation; protect critical data through the hold process.

Module

CRISAM® Compliance powered by Deloitte

Compliance content and applications delivered in partnership with Deloitte.

03 · solution area

Audit & Assurance

Support audit planning, control testing and evidence management across the Three Lines of Defence, with a clear, documented line from control to test to conclusion.

Plan your next audit
Abstract CRISAM® audit plan timeline Audit plan · Three Lines of Defence
Module

Internal Control System & Audit Management

Demonstrate the appropriateness and effectiveness of your ICS per IDW PS 982, supporting the Three Lines of Defence model.

Module

Global Internal Audit Standards

Run internal audit aligned to the IIA Global Internal Audit Standards.

Abstract CRISAM® management summary report Management Summary CRISAM® GRC report · board edition Key findings A Overall rating
04 · solution area

Reporting

This is where the platform proves its worth. Because risk, compliance and audit all run on one data model, CRISAM® turns them into transparent, audit-ready output for every audience, from information-security officers to executive management and external auditors. Other tools document. CRISAM® makes compliance defensible.

See the reporting live
Capability

Dashboards & audit-ready reports

Configurable dashboards and prefabricated, audit-ready reports make all recorded data, results and analyses available transparently for different recipient groups.

Capability

Multi-compliance reporting

Answer a control requirement once and evidence it across several standards; generate compliance reports in a few clicks.

Capability

Board reports made fast

Translate risk into the language of the board, weighing security spend against quantified risk with the Return on Security Invest model.

comparison

CRISAM® vs. generic tools vs. spreadsheets

CapabilityCRISAM®Generic GRC toolSpreadsheets & docs
All GRC disciplines on one platform✓ Integrated● Partly✗ Siloed
Multi-compliance mapping (control answered once)✓ Automatic✗ No✗ No
Method-based on ISO 31000 (CRISAM® method)✓ Yes✗ No✗ No
ISMS, ICS, BCM, ESG, tax and more in one model✓ Yes● Some✗ Manual
Audit-ready reports & dashboards✓ Built in● Effortful✗ Days of work
Return on Security Invest / analysis suite✓ Built in✗ No✗ No
Standard software, no programming✓ Yes● Partlyn/a
SaaS & on-premise✓ Both● Usually SaaS onlyn/a

Categories shown rather than named products. ✓ Yes · ● Partly · ✗ No.

faqs

Your questions about CRISAM®

How many modules does CRISAM® have, and how are they organised?
Roughly 17 application areas, grouped into four solution pillars: Risk & Resilience; Compliance, Controls & Security; Audit & Assurance; and Reporting.
Can we adopt a single module, or do we need the whole platform?
Modules can be adopted individually and integrate into one GRC operating model as needs grow. CRISAM® is a configurable standard solution.
Which standards and frameworks does CRISAM® support?
CRISAM® supports a comprehensive range of international standards, regulatory requirements and industry-specific frameworks across risk, business continuity, information security, compliance, governance and resilience. Its flexible, framework-based approach can be adapted to additional standards.
ISO 31000IDW PS 340 (n.F.)IDW PS 981/982/983Three Lines of DefenceIIA Global Internal Audit StandardsCOBIT ISO 22301BSI 200-4EN 50600 ISO/IEC 27001ISO/IEC 27002ISO/IEC 27005ISO/IEC 27701BSI IT-GrundschutzNIS2PCI DSS GDPR (EU-DSGVO)ISAE 3402DORAEBA ICT Guidelines B3S EnergyB3S HealthcareBDEW Whitepaper 2.0 VDA ISATISAX®ISO/IEC 20000ITIL®
How does CRISAM® help us prove compliance, not just document it?
The Reporting pillar turns GRC data into evidence ready for the board, auditors and regulators across every module, making compliance defensible, not just documented.
no risk, stay in touch

Ready to see CRISAM® across all four areas?

A live demo with a CRISAM® GRC specialist, tailored to your compliance obligations and existing tooling.

Contact us
Gemeinsame Nutzung CRISAM

CRISAM GRC Limited

20 Red Lion Street

London

+44 20 4634 5000 andreas.schmitz@crisam.net

CALPANA business consulting GmbH

Blumauerstrasse 45-47

4020 Linz

+43 732 601 216-0 office@crisam.net

CRISAM GRC Limited

20 Red Lion Street

London

+44 20 4634 5000 andreas.schmitz@crisam.net

CALPANA business consulting GmbH

Blumauerstrasse 45-47

4020 Linz

+43 732 601 216-0 office@crisam.net
Solutions
  • Risk & Resilience
  • Compliance, Controls & Security
  • Audit & Assurance
  • Reporting
Industries
  • Financial Services
  • Energy & Utilities
  • Healthcare & Pharmaceuticals
  • Industrial & Manufacturing
  • Industrial & Manufacturing
  • Technology & Telecommunications
Company
  • About CRISAM®
Legal
  • Data Policy
  • Imprint

© 2026 CRISAM GRC Limited