Welcome to the GRASP GRC Documentation

This documentation is intended for security, BCM, and data protection officers who use GRASP in an operational or audit-related context.

Getting Started with GRASP – How to Begin

From analysis to regular updates – documentation in three steps.

GRASP guides you step by step through building and maintaining your GRC system. If you are just starting out or want to get oriented, begin with the following basics.

Frequently Asked Questions

Answers to the most important questions about usage, target audience, and structure of this documentation.

Who is this documentation for?

This documentation is intended for all employees who work with Business Continuity Management (BCM) within GRASP or who bear responsibility for it.

It is particularly relevant for:

  • BCM managers / BCM owners
  • Information Security Officers (ISB)
  • IT and infrastructure teams
  • Department heads (e.g. process owners)
  • Management and auditors
  • Anyone involved in creating or maintaining BCM documents

Which content is relevant for my role?

Depending on your role, the most relevant content in this documentation varies:

  • BCM owners / BCM managers – Key chapters include: implementation steps, roles & responsibilities, BCM documents, and audit management.
  • IT / Infrastructure – Especially relevant: emergency concepts, recovery planning, technical dependencies, and recovery measures.
  • Departments / Process owners – Relevant topics: Business Impact Analysis (BIA), critical processes, dependencies, and requirements for emergency measures.
  • Management / Decision-makers – Relevant topics: overview of BCM objectives, risks, strategic measures, as well as audit status and results.
  • Auditors / Compliance – Relevant topics: policies & guidelines, documentation requirements, evidence, as well as audit management and reporting.

How is this documentation structured?

The GRASP documentation is organized thematically into main areas that align with the key modules and standards. The navigation provides both a general introduction and specific content on standards and specialized topics.

It consists of:

  • Start: Overview, feature scope, platform overview, start guide, and FAQ & troubleshooting
  • Shared areas: Content used across modules (e.g. organization, asset inventory, findings & measures, document management)
  • Standard & topic areas: Content aligned with common frameworks (e.g. ISO 27001, NIS 2, IT-Grundschutz, Business Continuity Management)

Within each area, chapters are structured so you can follow along step by step – from scope / applicability through methodology (e.g. BIA, protection requirements, risk management) to audit and reporting topics.