“The DSV Group and GBTEC work really well together. The consulting and reporting departments, in particular, actively exchange ideas and information. For us, it was important to have a flexible tool and the possibility to design certain concepts – and in some cases even implement them – on our own. BIC is the perfect software for our needs because it adapts to our business processes. Teamwork has played a key role from the start and has grown even stronger over the years. The business and technical expertise at GBTEC also played a key role in our decision.”
Information Security Officer / Information Security Specialist
Deutscher Sparkassen Verlag GmbH
Creating a common data source and reducing the time and effort involved in audits and administration
Ensuring ISO certifications
Prior to the implementation of the BIC GRC Solutions, the DSV Group relied on Microsoft Office to create and process reports. In particular, the second line of defense often faced the challenges of coordinating and aligning the documentation and keeping it up to date. On account of this situation and the strong compliance-driven focus of the banking group, a decision was made many years back to standardize reporting and simplify the decision-making process for management. An official requirements list, which was created in close cooperation with the executive team, provided the basis for the selection process among multiple software vendors.
Since the complex GRC processes in the DWV Group were already organized in a structured management system, the adaptability of the software was one of the group’s main requirements. The new software needed to fully map, reflect but also optimize the existing processes, which necessitates a high degree of flexibility from the software.
The BIC GRC Solutions met these requirements without compromise, which impressed the selection team in this extremely important aspect. The implementation team at GBTEC also brought the vast business and technological knowhow that was required. Thanks to the comprehensive optimization of data consistency, the group ensured a successful, seamless migration.
The DSV Group began the evaluation stage of the software selection process back in 2013 with the goal of replacing the documentation in Microsoft Office within the scope of information security. This would ensure that its mother company, Deutscher Sparkassen Verlag, obtained ISO 27001 certification, which it has maintained since 2014. During the initial concept design of the implementation project, the DSV Group placed a strong emphasis on interconnecting the individual disciplines of information security, data protection and internal audits.
The implementation in BIC GRC Solutions (formerly known als risk2value), which began in the fall of 2014, was fully completed by October 2015. Ongoing changes and improvements were made to the software in the following years. By the spring of 2018, the DSV Group started with the implementation of an integrated enterprise risk management solution, which was to be completed over the course of a year. During this phase, the company focused on self-service, which worked extremely well due to the flexibility of the tool. This created a tight integration among the risks from enterprise risk, information security, data protection as well as quality, environmental and business continuity management. Since that time, the group has been able to create common risk values that are communicated to the management team and can be used as the foundation for evidence-based management decisions. The internal group feedback regarding the implementation process was very positive.
The software has been adapted on a regular basis to reflect changing corporate structures. An enterprise rollout of BIC GRC Solutions began in the spring of 2020 while the implementation of the internal IT control system in BIC GRC Solutions started that same year. A permanent control management, which was driven by external audits and would not have been possible without software support, was implemented as part of this project.
Thanks to the integration in BIC GRC Solutions, data synchronization has been made possible. All essential data can now be accessed quickly and consistently. Risk reports are now aligned and the executive team is able to base their decisions on plausible data. Building an integrated base of data has dramatically reduced the time and effort involved with audits, while the consistent, harmonized data has significantly increased the quality of the results. Complex correlations can now be visualized more clearly. The strong collaboration between the various disciplines guarantees a uniform image, both internally and externally.
The implementation of BIC GRC Solutions and the tight integration of GRC information has broken down the silos of information. The internal teamwork and knowledge management was optimized across the organization, thereby promoting a very open, focused working style.
The DSV Group is the central provider of services and holistic solutions for the Sparkassen-Finanzgruppe, the German market leader for financial services. The group, which generated approximately 595 million euros in revenues in 2020 and is based in Stuttgart, Germany, has a workforce of approximately 2,100 employees at locations nationwide. The DSV Group consists of four specialized business units:
- S-Communication Services, a comprehensive partner for communications and digital services within the Sparkasse organization, develops and produces joint communications across the group. With innovative formats in business and educational media, it supports the digital transformation of the working world at Sparkassen branches and Landesbanken.
- S-Management Services offers intelligent software solutions and tailored services as a long-term, reliable partner of the Sparkassen-Finanzgruppe. It also serves as the central service provider for topics that are relevant to the business including risk, information, organization and procurement management.
- S-Payment, the payment competence center within the Sparkassen-Finanzgruppe, develops and markets holistic, omnichannel payment solutions for various private and business target groups of Sparkassen clientele. These include PoS, e-commerce and m-commerce solutions, such as contactless payment using cards or a smartphone.
- S-Public Services, the e-government competence center of the Sparkassen-Finanzgruppe, is the central contact for the public sector and non-profit organizations. The company provides innovative, integrated payment services as well as individualized, plug-and-play payment solutions.