
A Report on Transforming FreshGRC 6.0 and Implementing a Blockchain based Whistleblower

At

Fixnix Infosec Solutions

Submitted by:

Asish Kumar Behera


PRN: 19030241060
MBA-ITBM
2019-21

SYMBIOSIS CENTRE FOR INFORMATION TECHNOLOGY

SYMBIOSIS INTERNATIONAL (DEEMED UNIVERSITY)

Year of submission 2020

Transforming FreshGRC 6.0 and Implementing a Blockchain based Whistleblower 1


Certificate
This is to certify that the project entitled Transforming FreshGRC 6.0 and Implementing a
Blockchain based Whistleblower is a bonafide work done by Mr. Asish Kumar Behera
(19030241060) of MBA ITBM 2019-21 in partial fulfillment of the requirements for the degree
of Masters of Business Administration of this Institute.

Internal Evaluator (Name & Signature)
External Evaluator (Name & Signature)
Director

Date: / /
Place: Pune

Seal of the Institute



Project Completion Certificate



Acknowledgement

I take this opportunity to express my profound gratitude and deep regards to my guide, Prof. Krishnan Ramanathan, for his exemplary guidance, monitoring and constant encouragement throughout the course of this internship.

It is my great pleasure to present my work on the summer training project at FixNix InfoSec Solutions. It has been a great learning and enriching experience associated with the various business aspects in the organization. I would like to take this opportunity to thank my company guides, Mr. Prasanna Venkatesh and Mr. Vivek Robin Kujur, for their extended support and valuable guidance throughout the internship period.

It was a splendid learning experience for me to have worked in the GRC and
Information Security domain. I am grateful for the responsibility accorded to me
in the organization which has helped me to learn a great deal on the industrial
implementation.

I am also obliged to the staff members of Symbiosis Centre for Information Technology for the valuable information provided by them in their respective fields during my internship period.



CONTENTS
CHAPTER-1 INTRODUCTION .............................................................................................................. 10
1.1 FixNix:................................................................................................................................... 11
FreshGRC:.................................................................................................................................... 11
Challenge: ................................................................................................................................ 11
OVERVIEW: .............................................................................................................................. 11
BENEFITS:................................................................................................................................ 11
1.2 INTERNSHIP PROJECTS: .................................................................................................... 12
COMPLIANCE MANAGEMENT AND ASSET MANAGEMENT: .................................................... 12
NIXWHISTLE: ............................................................................................................................... 12
COMPLIANCE MANAGEMENT MODULE: ............................................................................... 12
USER ROLES: .......................................................................................................................... 14
ASSET MANAGEMENT MODULE: ........................................................................................... 16
WHISTLEBLOWER: .................................................................................................................. 26
CHAPTER-2 ANALYSIS OF WORK DONE .......................................................................................... 27
2.1 REVIEW OF THE PROBLEMS ENCOUNTERED: ................................................................. 28
BUSINESS: ................................................................................................................................... 28
MANAGERIAL: ............................................................................................................................. 28
TECHNICAL:................................................................................................................................. 28
OTHER PROBLEMS: .................................................................................................................... 29
2.2 APPROACHES TO THE ABOVE PROBLEM: ....................................................................... 29
BUSINESS: ................................................................................................................................... 29
o CORPORATE OBLIGATIONS MANAGEMENT: ................................................................ 29
o CONTROLS ASSURANCE PROGRAM MANAGEMENT:.................................................. 29
MANAGERIAL: ............................................................................................................................. 32
TECHNICAL:................................................................................................................................. 33
OTHER PROBLEMS: .................................................................................................................... 33
2.3 ANALYSIS OF THE WORK DONE: ....................................................................................... 33
2.4 ALTERNATIVE APPROACHES: ........................................................................................... 35
INTELLIGENT GRC: ..................................................................................................................... 35
INTELLIGENTGRC MODULES: ................................................................................................ 35
CHAPTER-3 LEARNING AND TECHNOLOGIES ................................................................................. 42
3.1 Project 1: FreshGRC- SaaS Based GRC Software .............................................................. 43
Organizational Knowledge: ......................................................................................................... 43
Technical Knowledge .................................................................................................................. 43
3.2 Project 2: Blockchain Whistleblower .................................................................................. 45
Technical Knowledge .................................................................................................................. 45
Technical Knowledge .................................................................................................................. 45
Learnings ..................................................................................................................................... 46



CHAPTER- 4 CONCLUSION ................................................................................................................ 47
4.1 Project 1: FreshGRC - SaaS Based GRC Software ............................................................. 48
4.2 Project 2: Blockchain Whistleblower .................................................................................. 48
BIBLIOGRAPHY: .................................................................................................................................. 49
APPENDIX I .......................................................................................................................................... 50
APPENDIX II ......................................................................................................................................... 51
APPENDIX III ........................................................................................................................................ 54
PLAGIARISM REPORT ......................................................................................................................... 58



List of Figures:

Figure 1: Compliance Library ................................................................................................................. 13


Figure 2: Compliance Library Features .................................................................................................. 13
Figure 3: Work-Flow .............................................................................................................................. 14
Figure 4: Compliance Library Work-Flow ............................................................................................... 14
Figure 5: Compliance Library Revamped ............................................................................................... 14
Figure 6: Dashboard .............................................................................................................................. 15
Figure 7: Report .................................................................................................................................... 16
Figure 8: Asset Dashboard .................................................................................................................... 18
Figure 9: Asset Dashboard Continued ................................................................................................... 18
Figure 10: Interactive Filters................................................................................................................... 19
Figure 11: Asset Registration Procedure ................................................................................................ 20
Figure 12: Asset Criteria ........................................................................................................................ 20
Figure 13: Asset Types .......................................................................................................................... 21
Figure 14: Asset Planning ...................................................................................................................... 21
Figure 15: Asset Assessment ................................................................................................................ 22
Figure 16: Assessment Features ........................................................................................................... 22
Figure 17: Assessment Status ............................................................................................................... 23
Figure 18: Asset Priorities ...................................................................................................................... 24
Figure 19: Asset Labelling ..................................................................................................................... 24
Figure 20: Asset Addressing .................................................................................................................. 25
Figure 21: Asset Review ........................................................................................................................ 25
Figure 22: Whistleblower ....................................................................................................................... 26
Figure 23: Compliance Segregation ....................................................................................................... 30
Figure 24: Marketing Campaigns ........................................................................................................... 30
Figure 25: Webinar ................................................................................................................................ 31
Figure 26: Webinar 2 ............................................................................................................................. 31
Figure 27: Webinar 3 ............................................................................................................................. 32
Figure 28: Graphs of Clients .................................................................................................................. 34
Figure 29: Policy Reports....................................................................................................................... 35
Figure 30: IntelGRC............................................................................................................................... 36
Figure 31: Collaborated Workflow WhistleBlower ................................................................................... 39
Figure 32: UI/UX features ...................................................................................................................... 40
Figure 33: Additional Features ............................................................................................................... 41
Figure 34: Dashboard ............................................................................................................................ 41



List of Tables:

Table 1: Problems cited ......................................................................................................................... 29


Table 2: Solutions .................................................................................................................................. 33
Table 3: Industry Reports....................................................................................................................... 34
Table 4: Project FreshGRC.................................................................................................................... 53
Table 5: Project Whistle-Blower (NixWhistle) ......................................................................................... 54



ABSTRACT

FreshGRC

GRC is a tool that helps an organization or industry to meet its objectives. Governance is the set of
plans and processes maintained by an organization to achieve its goals; it is deployed to turn the
management's commitment into reality, and it translates the management's wishes into the organization's
performance. Risk management helps organizations predict the risks that could obstruct them in achieving
their goals. In other words, risk is the possibility that something unusual may happen in the future.

Controls are nothing but safeguards. Controls reduce the risk score so that the risk reaches an
acceptable level. If the organization is satisfied, the controls are implemented with its authorization and
approval. Once a control has been approved for implementation, compliance comes into the picture to
ensure that the control is effective or not, when it is going to be implemented, and so on. So the
control is the key to compliance. Compliance is a method of monitoring whether the organization is
fulfilling the established policies, procedures, laws and regulations; an organization without policies and
procedures will suffer errors and performance issues. There are three types of controls: preventive
controls act to prevent a risk, corrective controls act after a risk has materialized, and detective controls
are used to detect the risk. In compliance management, one identifies the compliance requirement, captures
the supporting information such as the control library and reporting templates, verifies whether the
support is sufficient, and finally confirms the auditability of the compliance.

Fixnix’s FreshGRC product aims to democratize the GRC industry as a cost-effective alternative
to most GRC products. At 10% the cost of other GRC products, ours is easy to adopt and scalable to any
enterprise’s requirements. This product also minimizes the need for a large compliance team as it
automates various security processes like Internal Audits, Risk Management, Asset Management etc.,
allowing an enterprise of any size to go live quickly with an established, integrated and fully developed
security plan.

Blockchain Whistleblower

The Blockchain Whistleblower, being a new concept put forth by FixNix Inc., required a lot of research
and groundwork. A whistleblower is someone who steps forward and reveals his or her knowledge of
corruption that he or she believes is taking place in the organization as a whole or in a specific
department. A whistleblower may be a contractor, an employee or a manufacturer who is suspicious of any
unlawful activity. Whistleblower protections consist of specific provisions to shield whistleblowers from
losing their employment or being mistreated. Many organizations have their own protocol that explicitly
outlines how to handle an event of this kind. A whistleblower may bring a lawsuit or lodge a report with a
higher authority, which could lead to criminal prosecution of the company or its agents.

I worked on the ideation and development of the blockchain whistleblower. It included the creation
of the workflow, the prototype and the initialization of its development. Improvements over the existing
workflow and the use of tokenomics in the blockchain whistleblower were made. Tokenomics, being a new
concept, needed to be worked on and studied before any implementation in the system.



CHAPTER-1 INTRODUCTION



1.1 FixNix:

FixNix Inc. is a pioneer in advanced risk control systems, IT partner risk reduction services and
enterprise continuity management strategies, according to Gartner 2020 reports. FixNix Inc.'s FreshGRC
software platform, available both on-premises and as SaaS, offers companies a multidimensional risk
management framework to rapidly incorporate industry-standard frameworks and best practices, for
integrated risk management efficiency, proactive decision making and increased business performance.

FreshGRC:

Challenge:

The management of risk and security poses numerous barriers for organizations. Compliance data
are often stored in many separate tables, each of which shows the data only as of a certain point in time.
Various business divisions monitor the company's risk and compliance data using different approaches and
resources, so it is very complicated to get the details to stakeholders through manual processes.

OVERVIEW:

The FreshGRC Platform supports corporate governance, risk and compliance (GRC)
management. As the core of all FreshGRC applications, the platform lets you tailor a wide variety of
technologies to your needs, create innovative business processes and merge them with external
frameworks without touching a single line of code. FreshGRC's scalable approach has won over some of
the most competitive Fortune 500 businesses. These organizations have taken advantage of the platform's
ability to develop FreshGRC technologies and model additional processes in a fraction of the time
required to build typical custom applications.

BENEFITS:

The FreshGRC System is a standard framework for the management of policies, controls, risks, assessments
and defects across business units. The platform is framed to be:
• SCALABLE: The software offers a point-and-click design for the creation and maintenance of
enterprise applications. Non-technical users can simplify their workflow, optimize the user
experience, customize their user interface, and monitor in real time.
• UNIFIED: With a centralized interface, FreshGRC offers policy implementation, monitoring, risks,
reviews and enterprise deficiencies. A streamlined approach simplifies program complexity,
increases user awareness and limits preparation time.
• COLLABORATIVE: Cross-functional communication and collaboration are made possible
through the network. IT, finance, operations and legal users work together across shared
processes and records in an interconnected environment.
• INTERACTIVE DASHBOARDS: Make use of the pre-configured real-time dashboards and
build customized web interfaces, with facilities for scanning and testing risk and compliance data quickly.



1.2 INTERNSHIP PROJECTS:

COMPLIANCE MANAGEMENT AND ASSET MANAGEMENT:

I was associated with the organization as a Product Manager for FreshGRC, its GRC solution. The
Compliance and Asset Management modules were my core responsibilities, from designing the latest
version to deploying it on the clients' premises; because of the pandemic, I also helped clients deploy it on
the cloud.
For an organization in the GRC space, understanding the sector and keeping up with the competition
is a major task. Since I was associated with FixNix Inc. as a Product Manager, it was a prerequisite to
understand the existing market for better exposure. With well-established players such as RSA Archer,
SAP GRC and Oracle in this space, finding a footing in the market while providing value to customers is a
challenging, uphill task.
As a Product Manager, I thoroughly tested the previous version, V6.0 of Compliance
Management, and discovered areas where the product required enhancements for a better UX. During this
tenure, I identified that the compliance library had to be updated to be aligned as well as customizable as
per the requirements. So I updated the Compliance library, which previously had around 10 standards,
to 150 standards and coordinated with the developers in revamping the module. Interactive
dashboards were integrated into the modules to give real-time visibility and reporting to the group of
executives.
FreshGRC's Asset Management module provides real-time management and control of every asset
across the organization. Its UX was enriched and its features for monitoring contracts and software
licenses in a single place were enhanced, leaving the traditional manual ways behind. The module allows
the creation of powerful software inventory reports with a detailed list of installed applications and the
design of interactive dashboards. Process automation lets organizations easily monitor and track their IT
and software assets, and the tool automatically populates the list of assets. This module was revamped
during COVID-19 to reduce manual intervention and keep track of IT assets.

NIXWHISTLE:

NixWhistle is an advanced blockchain based whistleblowing platform designed to help gather information
and resolve conflicts: a case management platform on which employees can report malicious activity while
remaining anonymous. A smart reporting process to the managerial board was created with a proper
implementation of the R3 Corda platform. Working with the blockchain team, I configured the report
processing feature appropriately while establishing anonymity, which is of the utmost priority.
The work also involved ideating, conceptualizing and building use cases for blockchain implementation in
various industries and government organizations, using the R3 Corda platform to deploy a private
blockchain architecture in their workflow.

COMPLIANCE MANAGEMENT MODULE:

For an organization in the GRC space, understanding the sector and keeping up with the
competition is a major task. Since I was associated with FixNix Inc. as a Product Manager, it was a
prerequisite to capture the existing market for a better foothold and to strategize a roadmap for the
solution. With renowned business leaders such as RSA Archer, SAP GRC and Oracle in this space,
finding a footing in the market while providing value to customers is a challenging, uphill task. As a
Product Manager, I thoroughly tested the previous version, V6.0 of Compliance Management, and
discovered some loopholes. During this tenure, I identified that the compliance library had to be updated
to be aligned as well as customizable as per the requirements. So I updated the Compliance library, which
previously had around 10 standards, to 150 standards and coordinated with the developers in revamping
the module.

Figure 1: Compliance Library

With the revamped version of the product, new features were added, such as the definition of business units
by the compliance author. New user roles were defined to streamline the process of compliance management.

Figure 2: Compliance Library Features




USER ROLES:

COMPLIANCE AUTHOR:

Figure 3: Work-Flow

The methodology included an approach to ease the job of the Compliance Author. It is a 3-step process to
launch the compliance checklist for further assessment.

Figure 4: Compliance Library Work-Flow

The Compliance library comes with pre-installed checklists covering nearly 50 standards. The customer
can simply select a standard from the library and move on to the next step. In the customized library, the
user can then change the checklists as per their requirements, enabling them to enhance the controls for
better efficacy. FixNix Inc.'s FreshGRC platform also provides the OSHA regulations, with their controls
mapped into the GRC platform, to help organizations deal with the current COVID-19 situation. Finally,
there is the Activated Standard, to which the pre-installed checklist can be uploaded and the customized
checklist with updated controls can be added.

Figure 5: Compliance Library Revamped



COMPLIANCE REVIEWER:

The role of the Compliance Reviewer would be to analyze:


❖ Compliance Audits
❖ Number of Audits and their Periodicity
❖ Maintaining the Compliance library and Requesting for updating the repository
❖ Planning the Compliance Audits

Using FixNix Inc.'s FreshGRC platform, a client's overall IT enforcement and management framework should
establish and manage a structured system comprising procedures, inventory databases, process and object
risk, risk mitigation mechanisms, and review and monitoring programmes [1]. The reporting requirements,
templates and timelines of the various laws are included in the standard operating procedures.

Figure 6: Dashboard

ASSESSMENT:

Compliance Assessment is a unique feature of the product, as it provides insights and supports the
organization with:
❖ In-depth assessment of the compliance checklists
❖ A new feature for Clause Management
❖ A dynamic report depicting the domains and sub-domains of the standards
❖ Interactive plan management for the assessor to understand the clauses of the compliance



REPORT:

• Assess the impact of regulatory changes more quickly with a single, central repository for all
regulatory feeds and data.
• Automate task assignments, report creation and controls testing to reduce time burdens on
resources and minimize the risk of compliance failures.
• Disable repetitive, quasi-scalable enforcement practices by the introduction of a standardized,
repetitious procedure for new and evolving legislation.

Figure 7: Report

For further analysis, a report can be generated giving an in-depth view of the compliance, in which all
the domains, sub-domains and controls can be analyzed with the infosec team as well as the CXOs, who
can then take the necessary steps to adhere to the standards and avoid the risk of penalties for
non-compliance.

ASSET MANAGEMENT MODULE:




Automatically populate the list of assets

Dynamically create a list of all assets. The module allows you to scan for assets as well as add assets
through the web console. It also creates powerful software inventory reports with a detailed list of installed
applications, and customers can use the Import CSV feature for bulk addition of assets. The system also
helps migrate clients from their existing tools to FixNix's Asset Management Software.

Easy to track and audit all your assets

It becomes easier to track all assets, which we can audit through the Audit Management Suite if required.

Asset Management & Reporting

Using FixNix reporting capabilities, you can track assets by type, date, person, location, financial impact
and other attributes.

The major roles in Asset Management are:

• Asset Owner
• Asset Custodian
• Asset Reviewer

The general flow is that the asset owner is responsible for the overall management of the asset; if any issue
arises, the custodian comes into the picture, performs an assessment and records the actions, and then
the reviewer reviews the condition of the asset.

DASHBOARD:

The Asset Dashboard is shown according to the user's role:

• Owner
• Custodian and
• Reviewer



Figure 8: Asset Dashboard

The Information Asset Owner (IAO) is accountable for both the proper treatment and the management of
specific data assets. This ensures that data assets are adequately secured and that their value is fully
used by the company. Performing this role well brings considerable advantages.

Figure 9: Asset Dashboard Continued



Figure 10: Interactive Filters

ASSET:

There are various types of assets:

• Information Assets
• Computer Assets
• Mobile Assets
• Software Assets
• Service Assets
• Miscellaneous
• Document Assets
• Source Code Assets

ASSET REGISTRATION PROCEDURE:

Create a new asset and fill in the details of the asset:

1. Name of the asset with its description.
2. Information asset properties, such as the retention period of the asset, which is the time period for
which the asset is to be retained or maintained.
3. The CIA/security properties:
• Confidentiality: Limits access to information.
• Integrity: Trustworthiness about the information of the assets.
• Availability: Restricted access to only authorized people.
4. Based on the data given above, the system computes an ‘Asset Value’.
5. Classify it as Confidential, Strictly Confidential, Public or Business.
6. Assign the roles such as ‘Owner’, ‘Custodian’, ‘Reviewer’ and the ‘Asset Users’.
7. Finally, add the asset information.



Figure 11: Asset Registration Procedure

Figure 12: Asset Criteria



Figure 13: Asset Types

Figure 14: Asset Planning

ASSESSMENT:

The assessment task is performed by the custodian. The actions during the assessment are:
• Record the security/CIA information of the asset.
• Evaluate and assess the current level of protection of the asset.
• After evaluation, the custodian can recommend controls to be placed under categories such as
labeling, disposal, transport, storage and addressing, if necessary.
• A closure date is recorded for the assessment that is carried out.
• During the assessment stage the status is displayed as Identified; it is later changed to
Evaluate in the following phase.
• The asset value is also displayed at the top, based on the CIA information of the asset.

Figure 15: Asset Assessment

Figure 16: Assessment Features


Figure 17: Assessment Status

ACTIONS:

• The action task is also performed by the custodian, and the following actions are taken:
• Based on the recommendations from the assessment, controls are added for the categories labeling,
disposal, transport, storage and addressing.
• A brief description of the assessment is recorded.
• The status is changed to ‘evaluate’ and the asset is passed on to the reviewer for review.


Figure 18: Asset Priorities

Figure 19: Asset Labelling


Figure 20: Asset Addressing

REVIEW:
• The reviewer is responsible for the review task. The following actions need to be carried out by
the reviewer:
• The actions taken by the custodian, as well as the evidence documents from the assessment
phase, are passed on to the reviewer.
• The reviewer reviews the actions and evidence documents and prepares a closure statement.
• The reviewer then decides the next review date as well as the asset decision.
• The asset decision is one of:
o Accept gap analysis and close – the actions are accepted and the review is closed.
o Accept till next assessment – the actions are accepted temporarily until the next assessment.
o Redo action – the reviewer is not satisfied with the actions and assessment, and they must be redone.
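As an added example (not FreshGRC code), a small Python model of the asset lifecycle described above, from registration with CIA ratings through the custodian's assessment and actions to the reviewer's decision. The 1 to 3 rating scale, the asset-value formula, the class thresholds and the rule that custodian and reviewer must differ are assumptions, since the page names the steps but not the numbers.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

# Asset types and control categories named on this page
ASSET_TYPES = {"Information", "Computer", "Mobile", "Software", "Service",
               "Miscellaneous", "Document", "Source Code"}
CONTROL_CATEGORIES = {"labeling", "disposal", "transport", "storage", "addressing"}
# The reviewer's three decisions and the status each one leaves the asset in
DECISIONS = {"accept_and_close": "Closed",
             "accept_till_next_assessment": "Accepted",
             "redo_action": "Identified"}


@dataclass
class Asset:
    name: str
    description: str
    asset_type: str
    retention_days: int                 # retention period (step 2)
    confidentiality: int                # CIA ratings (step 3); assumed scale 1 (low) .. 3 (high)
    integrity: int
    availability: int
    owner: str                          # roles from step 6
    custodian: str
    reviewer: str
    users: List[str] = field(default_factory=list)
    status: str = "Identified"          # status shown during the assessment stage
    recommendations: Dict[str, str] = field(default_factory=dict)
    controls: Dict[str, str] = field(default_factory=dict)
    closure_date: Optional[date] = None  # set by the assessment; None means not yet assessed
    closure_statement: str = ""
    next_review: Optional[date] = None

    def __post_init__(self) -> None:
        if self.asset_type not in ASSET_TYPES:
            raise ValueError(f"unknown asset type {self.asset_type!r}")
        for rating in (self.confidentiality, self.integrity, self.availability):
            if rating not in (1, 2, 3):
                raise ValueError("CIA ratings must be 1, 2 or 3")
        if self.custodian == self.reviewer:   # assumed: whoever acts never reviews
            raise ValueError("custodian and reviewer must be different people")

    def asset_value(self) -> int:
        """Step 4: value derived from the CIA ratings (assumed: their sum, 3..9)."""
        return self.confidentiality + self.integrity + self.availability

    def classification(self) -> str:
        """Step 5: one of the four classes on the page (thresholds are assumed)."""
        value = self.asset_value()
        if value >= 8:
            return "Strictly Confidential"
        if value >= 6:
            return "Confidential"
        if value >= 4:
            return "Business"
        return "Public"


def _require(asset: Asset, actor: str, role: str, status: str) -> None:
    """Only the holder of `role` may act, and only while the asset is in `status`."""
    if actor != getattr(asset, role):
        raise PermissionError(f"{actor} is not the {role} of {asset.name}")
    if asset.status != status:
        raise ValueError(f"{asset.name} is {asset.status!r}, expected {status!r}")


def assess(asset: Asset, actor: str, recommendations: Dict[str, str],
           closure_in_days: int) -> None:
    """Custodian evaluates protection, recommends controls per category, sets a closure date."""
    _require(asset, actor, "custodian", "Identified")
    unknown = set(recommendations) - CONTROL_CATEGORIES
    if unknown:
        raise ValueError(f"unknown control categories: {sorted(unknown)}")
    asset.recommendations = dict(recommendations)
    asset.closure_date = date.today() + timedelta(days=closure_in_days)


def act(asset: Asset, actor: str, controls: Dict[str, str]) -> str:
    """Custodian adds the recommended controls; status moves from Identified to Evaluate."""
    _require(asset, actor, "custodian", "Identified")
    if asset.closure_date is None:
        raise ValueError("actions must follow an assessment")
    missing = set(asset.recommendations) - set(controls)
    if missing:
        raise ValueError(f"no control recorded for: {sorted(missing)}")
    asset.controls = dict(controls)
    asset.status = "Evaluate"
    return asset.status


def review(asset: Asset, actor: str, decision: str, closure_statement: str,
           next_review_in_days: int) -> str:
    """Reviewer checks actions and evidence, writes the closure statement and decides."""
    _require(asset, actor, "reviewer", "Evaluate")
    if decision not in DECISIONS:
        raise ValueError(f"decision must be one of {sorted(DECISIONS)}")
    asset.closure_statement = closure_statement
    asset.next_review = date.today() + timedelta(days=next_review_in_days)
    asset.status = DECISIONS[decision]
    if decision == "redo_action":       # back to the custodian: assess and act again
        asset.closure_date = None
    return asset.status
```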

Figure 21: Asset Review


WHISTLEBLOWER:

A whistleblower is an individual who reveals his/her knowledge of any misconduct he/she believes to be
occurring across the entity or in a certain unit. An employee, vendor or manufacturer who learns about any
criminal conduct may be a whistleblower.

There are specific provisions that shield whistleblowers from retaliation at work or harassment. Many
organizations have a formal protocol that makes it transparent how such an event will be handled. A
whistleblower can bring a legal case or lodge a report with higher authorities to cause the organization or a
specific agency to investigate.

Internal and external are the two main types of whistleblowers. Internal whistleblowers are people who inform
senior officials, such as a department head, HR or the CEO, about misconduct or abuse. External whistleblowing
is the term applied when a whistleblower discloses corruption to persons outside the company, such as the
newspapers, political agencies or the police.

Below are the features of blockchain:

o Makes permanent copies of every transaction.
o Gives a copy to everyone in the system every time.
o Uses cryptography to guard against fraud.

The identity of any whistleblower, no matter how big or small the fraud is, needs to be protected, and
blockchain helps in keeping all the information secure and extremely difficult to acquire by any means. The
Blockchain Whistleblower will help protect the lives of whistleblowers and provide all the information about
any fraudulent activity to the right authority. [9]

The following steps were taken to complete a working module of the Blockchain WhistleBlower.
o Research: Various aspects were studied, such as blockchain, tokenomics, the Whistleblower Protection
Act, 2011 and the concept of whistleblowing.
o Initialization: Using this research, a concept for a model of the Blockchain Whistleblower was
developed, along with the basic architecture for combining blockchain with the whistleblower module.
o Module workflow: The users and roles for the whistleblower module were defined. The module workflow
was specified and flow diagrams were developed for each user.
o Development: Development of the module's backend using blockchain technology was started, and
development of the front end was begun using AngularJS.

Figure 22: Whistleblower


CHAPTER-2 ANALYSIS OF WORK DONE


2.1 REVIEW OF THE PROBLEMS ENCOUNTERED:

Let’s identify the problem statement:

Government and corporate institutions make policy changes, issue guidelines and set business requirements
regularly, in an increasingly challenging regulatory framework. Organizations that must comply with a variety of
regulatory requirements face the daunting task of keeping up with these changes. From the viewpoints of risk
and regulatory compliance to privacy issues, companies are obliged to track legislative amendments and to put
in place steps and appropriate processes to maintain compliance. Nevertheless, as regulatory information from a
range of sources keeps growing and private data collection becomes more concentrated, it is not easy to
recognize, analyze and adapt to the problems that affect your business.

BUSINESS:

• How to map the controls to align with regulatory compliance requirements and prioritize the issues that
affect the business on a large scale?
o This has been categorized as a business difficulty because specific policies and regulations lead
business units to provide equivalent or similar attestations of control through different compliance
initiatives. Shifting priorities and resources mean that staff start settling for less and ignoring the
requests to comply, which further increases the risk of fines and penalties for failure to meet these
requirements.
• The organization was facing a plethora of problems when it came to marketing its product, despite
having a good user base, to increase the organization’s footprint. The question was how to increase
the visibility of the product in the country and across the world?
o This is a typical business problem, as we are concerned about the product’s visibility and
eventually accruing benefits from it.

MANAGERIAL:

• How to present a holistic approach to addressing policies and meeting the regulatory obligations required
to run the business, and to reduce the myriad spreadsheets, data repositories, etc.?
o This problem statement has been categorized under “MANAGERIAL” difficulties because business
leads and product owners have to maintain a repository. The resulting proliferation of
spreadsheets, emails and data repositories spread across the network contributes to a lack of
coordination and accountability among the many different stakeholders.

TECHNICAL:

• The organization lacked technical depth and a precise approach to building a clear strategy, as well as a
roadmap for automating features so as to reduce manual intervention. The question was how to free the
workforce from menial tasks, so that developers can spend more time developing features and meet the
project timelines?
o This problem is categorized under technical difficulties because the pandemic disrupted the
organization’s strategy, moving from on-premises to the cloud became imminent, and the lack of
in-house expertise in cloud-based solutions was an issue for the organization.


OTHER PROBLEMS:

Sr no. | Problems | Technical/Business/Managerial | Remarks
1 | Inefficient and crowded dashboard of GRC product | Technical | Does not provide an overall view of modules; unnecessary functionalities take up space.
2 | Hostile user interface for the overall website | Technical | Overall design changes are required for a user-friendly interface.
3 | Integration of modules in FreshGRC | Technical | Integration of modules is required.
4 | Information gap in FreshGRC modules | Technical | Requires more informational changes in modules.
5 | Bug fixing for all modules in GRC suite | Technical | Logical and functional errors and typos need to be addressed.
6 | Inadequate compliance reviewing and scoring method in audit module | Technical | Proper review and scoring technique required in audit module.
7 | Inefficiency in user access | Technical | Proper user access to be defined.
8 | Highly populated admin module | Technical, Managerial | Unnecessary functionalities overcrowd the admin module.
9 | Lack of proper presentation for client and partner pitching | Business | Presentation changes required from a business point of view; different presentations required according to audience.
10 | Lack of clients | Business | Ineffective product demonstrations.
11 | Knowledge gap in developers | Business | Developers require mentoring in technical difficulties and training.
Table 1: Problems cited

2.2 APPROACHES TO THE ABOVE PROBLEM:

BUSINESS:

• The corporation should have good awareness and a fluid view of its compliance status, allowing it to pursue
operations that satisfy the most relevant market regulatory requirements. Limiting over-compensating
responses and inefficient processes frees more money for corporate strategy.

o CORPORATE OBLIGATIONS MANAGEMENT:

Corporate Obligations Management offers the tools and resources required for tracking contractual and
regulatory requirements through FreshGRC. It allows the company to systematically monitor changes to
these obligations, to understand their business impact and to prioritize a response. The company can
provide quick and accurate guidance on regulatory and other security requirements to planning and IT
teams, which the company is responsible for managing in cooperation with its business processes.

o CONTROLS ASSURANCE PROGRAM MANAGEMENT:


FreshGRC's Controls Assurance Program provides a structure and methodology for systematically tracking
the control environment and for evaluating and reporting on the effectiveness of controls at the level of
organizational leadership and business processes. To achieve any compliance goal, the organization should
apply specific and reliable control instructions.

Figure 23: Compliance Segregation

• The other problem that the organization faced was the marketing of the product. The pandemic
presented its own set of challenges, preventing visits to clients’ premises for product pitching and all
other forms of in-person marketing. Tools such as HubSpot, SendGrid and LinkedIn made it easy to launch
email campaigns and to visualize each campaign’s success rate through numbers and graphs.

Figure 24: Marketing Campaigns


The other way to reach out to clients was by conducting webinar campaigns showcasing the products, the
security challenges that organizations can face during this unprecedented time, and how the solution helps
map the industry controls that counter those challenges. Live webinar sessions were organized for the
Organization.

Figure 25: Webinar

Figure 26: Webinar 2


Figure 27: Webinar 3

MANAGERIAL:

• The program management of FreshGRC is intended to enable teams to conduct privacy impact
assessments and to track communications with the relevant authorities about regulatory matters and data
breaches. A centralized database of the information required to demonstrate the company's commitment to
GDPR compliance throughout the privacy program is available to the Chief Privacy Officer, the DPO and
data protection teams.

o PRIVACY PROGRAM MANAGEMENT:

The Privacy Management Program of FreshGRC has been designed to enhance organizations'
protection of individuals' data, record contact with regulators [2] and determine the privacy risks
associated with PII processing. Organizations are motivated to show conformity with regulatory
requirements through greater vigilance and improved systems. Developing a successful privacy
protection system will also have a positive impact on the company by reducing its exposure to fines
and non-conformance sanctions.


TECHNICAL:

When the organization is facing a technical dearth, it is mandatory to go for upskilling of the employees to
maintain that agile environment. The solution which I provided was to upskill employees on certain
technologies such as AWS and R3 Corda [3], so that the developers can develop next-gen software and adhere
to the deadlines while enhancing user experience at the same time.

OTHER PROBLEMS:

Sr no. | Problems | Solutions
1 | Inefficient and crowded dashboard of GRC suite | Explore GRC, design and analyze efficient use of the dashboard, and assign tasks to developers.
2 | Hostile user interface for the overall website | Prepare and redesign the website, removing the hostile elements.
3 | Lack of integration of modules in FreshGRC | Analyze the logical flow of information and design structural changes to modules to make integration easier.
4 | Information gap in FreshGRC modules | Study different aspects of GRC and industry standards to provide the right information for each module and make the required changes.
5 | Bug fixing for all modules in GRC suite | Study and use FreshGRC to identify typos and functional and logical errors; report them and assign them to developers.
6 | Inadequate audit reviewing and scoring method in audit module | Study and design a new technique to review and score audits, making it user friendly and removing confusing elements.
7 | Inefficiency in user access | Provide proper user access limits and assign the task to developers.
8 | Highly populated admin module | Analyze the admin module to identify important, redundant and unnecessary functionalities and act accordingly.
9 | Lack of proper presentation for client and partner pitching | Changes in presentation from a business point of view; different presentations required according to audience.
10 | Lack of clients | Increase pre-sales activities such as product pitching and mails to industry CISOs.
Table 2: Solutions

2.3 ANALYSIS OF THE WORK DONE:

The revamped Compliance Management module has various features and has been used by organizations.
FixNix Inc. consulted seven companies about their governance, risk and compliance practices and their use of
FreshGRC. The interviews were structured to capture the qualitative and quantitative effect of the FreshGRC
application. The participants in the sample were typically large, in some cases global, organizations facing
operational challenges and regulatory problems across extensive operations. They included banks, hospitals
and insurance providers, i.e. risk-oriented organizations with significant economic and financial exposure.


DEMOGRAPHICS OF INTERVIEWED ORGANIZATIONS
Metric | Average | Median
Number of employees | 23,171 | 21,000
Number of IT staff | 1,576 | 1,428
Number of IT users | 22,886 | 20,400
Number of business applications | 1,002 | 1,000
Number of offices/sites supported by FreshGRC | 100 | 70
Number of total endpoints supported by FreshGRC | 9,243 | 11,008
Industries | Financial services, healthcare, and insurance
Table 3: Industry Reports

In order to learn how they use technology to support their policy, risk and regulatory activity, FixNix
Inc. undertook independent and comprehensive conversations with seven organizations that have
implemented FreshGRC. Study participants noted that FreshGRC allowed them to tackle risks more
effectively and efficiently, given the difficulties and the changing risk environment throughout their
companies. As a result, participants have lowered their organizational risk exposure by making their GRC
efforts more productive and more efficient, while also realizing a substantial financial value.

FixNix Inc. puts the value the interviewed organizations are achieving at an average of $17,931 per 100
users per year, which would result in an average five-year ROI of 496%, by:

• Limiting the corporate risk associated with regulatory compliance, third-party relations and
security risks.
• Better management, increased communication and cross-corporate visibility for more effective and
productive GRC activities.
• Improving line-of-business users' operating performance by reducing the operational impact of risk and
optimizing FreshGRC's technology.
• Reducing the staff time required to detect and remedy security issues.

Our policy module depicts how organizations have followed and addressed policies, baselines, guidelines,
procedures, etc.

Figure 28: Graphs of Clients


Figure 29: Policy Reports

2.4 ALTERNATIVE APPROACHES:

INTELLIGENT GRC:

In response to the growing attacks and the increasing risks that automated data management poses to
decision making in companies, the IntelligentGRC application has been developed. Using IntelligentGRC,
the probability of exposure of the IT infrastructure can be assessed, the appropriate level of risk agreed on,
and the safeguards to be enforced decided. The business is able to increase its awareness of internal control
and of the use of IT, and to drastically reduce the scope for malpractice through the effective integration of
tools and communication to staff. Besides, the universality of the IntelligentGRC tool enables integration with
the various systems and business applications (not just ERP) available on the market.

INTELLIGENTGRC MODULES:

• IntelWork-Flow – Flexible framework and enterprise software tool for handling device access.
• IntelAccess – Enables users to have emergency access (wide system access) in specific scenarios and
ensures full control of the risk arising from excessive access privileges through built-in event logging
mechanisms.
• IntelSoD – Innovative approach to SoD analysis, simulation and periodic access evaluation on the basis
of the specified SoD index.
• IntelReport – An extensive reporting module that allows you to quickly generate personalized and
customized reports based on data in the system.
• IntelArchitect – An effective monitoring interface that allows users to easily develop customized
reports depending on system information.
• IntelReview – Periodic automated exposure evaluation, which can be entirely customized.
• IntelRODO – Tool enabling identification and cataloguing of personal data to obtain GDPR
compliance (extended Records of Processing Activities).


Figure 30: IntelGRC

• Research work was conducted to understand the working of blockchain, tokenomics, whistleblowing
and The Whistleblower Protection Act, 2011. After a deep understanding of all the concepts was gained,
the modelling of the blockchain whistleblower was carried out [4].

• Improved the Blockchain whistleblower implementation workflow/process.

The blower can anonymously blow the whistle by clicking the whistle icon in the FreshGRC platform,
entering their organization name and starting the blowing process. They give all the mandatory details of
their whistle and submit it for investigation. They need to furnish as much detail as possible to get a
neutral resolution, and they can attach any evidence to their whistle. Once the whistle is submitted, a
tip id is assigned to the blower, which they can use to track their whistle.
• Improved Blockchain whistle investigator workflow/process.

Figure 31: Collaborated Workflow WhistleBlower

The investigator investigates on the basis of the whistle information provided, gives the solution to the
blower and updates management about the whistle and its solution. If more information or evidence is
needed, the investigator can ask the blower for it. The investigator has three cases to handle: a fresh
whistle, a whistle reopened by the blower, or a whistle rejected by the reviewer.


• Designed and improved the UI/UX of whistle investigator/reviewer page.

Figure 32: UI/UX features

From the investigator, the investigated whistle passes to the reviewer. The reviewer reviews the solution
as well as the whistle information; if satisfied, he/she approves the solution provided by the investigator,
otherwise he/she rejects it. The reviewer likewise has three cases to handle: an investigated fresh whistle,
an investigated whistle reopened by the blower, or an investigated whistle that was previously rejected.

• Improved the dashboard functionalities and made the reports look simpler.


Figure 33: Additional Features

Figure 34: Dashboard


CHAPTER-3 LEARNING AND TECHNOLOGIES


3.1 Project 1: FreshGRC- SaaS Based GRC Software
Organizational Knowledge:

As a cost-effective substitute for other GRC products, Fixnix's FreshGRC software seeks to democratize
the GRC industry. It is simple to implement and flexible to the needs of every business, at 10 percent of
the cost of other GRC products. The software further minimizes the need for a broad compliance department,
as it automates numerous protection [5] procedures such as internal assessments, risk assessment, inventory
control, etc., enabling an organization of any scale to easily go live with an existing, automated and
completely implemented security strategy.

With regulatory standards spanning sectors, it has become mandatory for companies internationally to be
compliant. An integrated framework like this one for GRC (Governance, Risk & Compliance) [6] makes this
method simpler to enforce and simplifies the flow of compliance information.

The GRC approach from FixNix allows companies to practise compliance as a community, with increased
efficiency and smoother procedures, to track variances, fix loopholes and take constructive steps, and to
prevent penalties and damage to credibility.

Technical Knowledge

Compliance management: Regulatory and corporate compliance encompasses laws, regulations and
guidance, industry standards, internal policies and procedures, and contractual obligations imposed via
customer and third-party contracts. The scope and dynamic nature of business mean that your organization’s
obligations likely change in some way almost every day. Organizations that have to fulfil a number of
obligations face the challenging task of keeping up with such changes. From the viewpoints of risk and
regulatory compliance, data protection, and policies and procedures, businesses are required to develop
mechanisms to recognize legislative adjustments and to put in place steps and correct processes to ensure
compliance.

However, with the growing volume of obligations emerging from a multitude of channels, it is challenging
to recognize, manage and adapt to the problems that affect the company, and to do so in the most productive
and successful manner. Managers, business owners or teams frequently develop creative approaches to meet
the policies and regulatory requirements needed to operate their companies. The subsequent abundance of
spreadsheets, emails and databases in an enterprise leads to a lack of cohesion and transparency between the
numerous stakeholders.

Many times, specific requirements lead business divisions to provide equivalent or comparable attestations
of control through several compliance programs. As goals shift and budgets change, workers tune out and
disregard these demands for compliance, which exposes the company to a heightened risk of non-compliance
penalties, restrictions, lawsuits and reputational damage. Such fragmented systems affect the efficiency of the
enterprise as staff leaders spend time chasing information to fulfil the differing expectations of corporate
strategy and monitoring.

Such inefficient procedures inevitably drain scarce money away from the strategic initiatives that are
critical to the growth and survival of the company.

FreshGRC Compliance Management enables you to integrate information from multiple obligations, record
their business impacts and create a reliable, verifiable and fully transparent compliance plan. Additionally,
there are many other features of the system, as discussed below:

• Take control of regulatory requirements – With Fixnix's FreshGRC, obligations can be merged into a
single archive, and news updates from regulatory authorities can be unified into one searchable,
structured framework using prebuilt data feeds. Companies can also record and supplement the
regulatory impact review with quantitative data and internal criteria. This strategy gives a simple and
unified view of the regulatory landscape. It also helps map regulatory impacts onto the corporate
framework, extending the capacity to handle and mitigate the effects of regulatory reform.

• Address compliance consistently - FreshGRC facilitates the organization-wide standardization of
strategy, compliance management and data collection practices [7], creating a specific taxonomy for
the implementation of observable risk and compliance priorities, procedures, controls and tracking. It
provides for timely prioritization and monitoring of obligations. By removing manual, non-scalable and
duplicative compliance procedures, a standardized and repeatable method can be enforced for handling
current and evolving commitments and for handling impacts as rapidly as possible.

• Meet regulatory & compliance obligations - By combining and centralizing regulatory details in
FreshGRC, one can easily generate real-time reports and customer-specific visualizations to display
regulatory news by vendor, form and effect, and track the overall status of the company's regulatory
compliance system. Alternatively, in a centralized framework, one may delegate duties to compliance
personnel to track resource operations. One may also build waiver requests, remediation plans and
reports to fix any faults discovered during the testing phase. This process ensures that senior
management always has a clear picture of the state of compliance and helps regulators to easily
determine whether companies are meeting their obligations.

• Establish continuous monitoring - Traditional compliance programs validate the design and
effectiveness of compliance procedures through periodic testing. Unfortunately, periodic testing
can often be delayed due to resource constraints and shifting priorities. With FreshGRC, one can
better align the frequency and scope of the compliance testing with the likelihood and impact of
noncompliance. In addition, one can establish metrics to gauge changes in the organization’s
internal control framework and risk profile[8]. By shifting the program to one informed by metrics
and risk, one can transform compliance from a periodic testing exercise to continuous monitoring.
If continuous monitoring indicators suggest a deterioration in the compliance program, stakeholders
can be automatically notified of the situation, and remediation activities can be documented,
assigned to accountable individuals, and monitored to resolution. Through these activities, the
compliance program will be strengthened as problems are identified and addressed more quickly.

• Policy Program Management - The FreshGRC Policy Framework offers the mechanism to help
organizations build a stable and agile system for implementing organizational and regulatory policies
and maintaining consistency with compliance criteria. It involves documenting practices and expectations,
assigning control ownership and mapping policies to the core areas and goals of the company. Businesses
can control the entire policy development life cycle efficiently and gain the flexibility and
responsiveness to manage policy exceptions in a highly regulated compliance ecosystem with an
increasing frequency of modifications.

• Data Governance – FreshGRC Data Governance is intended to establish a mechanism to help
organizations define, handle and enforce adequate controls over the collection of personal data.
FreshGRC Data Governance assists organizations in maintaining an adequate list of processing
operations, establishing and implementing recorded control measures on the use of Personally
Identifiable Information (PII), and managing data retention requirements. Ensuring PII's accuracy,
completeness, anonymity and accountability, and regularly assessing the data security risks involved in
its use, are basic data privacy principles underlined in the Gramm-Leach-Bliley Act (GLBA), the Health
Insurance Portability and Accountability Act (HIPAA) and the European Union General Data Protection
Regulation (GDPR).


In the continuous influx of new and evolving obligations, the organization has to realize which ones are more
important to the business. With FreshGRC Regulatory & Compliance Management, organizations can identify
and address obligations, set the business context for compliance, assess risk, establish and implement
compliance policies and standards, create and manage an integrated control framework, test and continuously
monitor it, and provide compliance visibility to the executive staff, board and regulatory stakeholders. It
decreases the likelihood of poor, misaligned compliance and the exposure to sanctions, damages and lawsuits,
as well as potential reputational harm.

3.2 Project 2: Blockchain Whistleblower

Technical Knowledge

Blockchain: Blockchain technology is best known as the innovation behind Bitcoin, the widely known
cryptocurrency. A blockchain [9] creates a history of data deposits, messages or transactions in a series of
blocks in which each block contains a mathematical summary, called a hash, of the previous block. This
produces a chain in which any modification made to a block alters the hash of that block, which then needs
to be recalculated and placed in the next block. This in turn modifies the hash of the next block, which must
also be recomputed, and so forth up to the end of the chain.

While the hash, or numerical synopsis, is easy to calculate, there are rules that require the hash value to
also be under a certain threshold. The hash function is designed with specific mathematical properties so that
it cannot be inverted: you cannot determine which data will produce a desired answer. A valid hash is found by
repeatedly changing a free value in the block and recomputing the hash until it satisfies the validity criteria.
The value that is freely variable is called the nonce. The unpredictability of the hash greatly increases the
difficulty of finding a nonce that generates a valid block hash.

Usually millions of different nonces have to be tried before a valid hash is found. Altering data already
stored in the blockchain is therefore computationally costly, albeit not impossible. A blockchain's protection
is further enhanced by implementing it on a decentralized system. This means that a large number of
participants all have access to the system and all try to add blocks to the end of the chain by attempting to
find a nonce that generates a valid hash for the given block.

If two blocks are found that both reference the same preceding block, a fork is created in the chain.
Some network nodes will try to find the next block on one branch of the fork while others work from the
other branch. One of the branches will eventually overtake the other in length, and the longer chain is by
convention recognized as the true chain. Someone who wants to alter a block must therefore not only
redo the proof of work for that block and every subsequent block, but must do so faster than everyone
else working on the currently accepted chain. It thus becomes extremely expensive to attempt to alter a
block once any number of further blocks have been chained onto it.
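The chaining, nonce search and longest-chain rule described above, as an added Python illustration that is not code from this report or from NixWhistle. The SHA-256 digest, the 12-bit difficulty threshold, the block field layout and the sample records are all assumptions made for the example; it shows why altering one block invalidates every block after it.

```python
import hashlib
import json
from dataclasses import dataclass

# Assumed parameters (not from the report): a block hash is valid only when its
# 256-bit value is below TARGET, i.e. it begins with DIFFICULTY_BITS zero bits.
DIFFICULTY_BITS = 12
TARGET = 1 << (256 - DIFFICULTY_BITS)

@dataclass
class Block:
    index: int
    data: str       # the deposited record; constructed sample values are used below
    prev_hash: str  # hash of the previous block, which links the blocks into a chain
    nonce: int = 0  # the freely variable value searched for while mining

def digest(block: Block) -> str:
    """SHA-256 over every field, so altering any field alters the hash."""
    payload = json.dumps([block.index, block.data, block.prev_hash, block.nonce])
    return hashlib.sha256(payload.encode()).hexdigest()

def mine(block: Block) -> Block:
    """Increment the nonce until the hash is under the threshold (proof of work)."""
    while int(digest(block), 16) >= TARGET:
        block.nonce += 1
    return block

def build_chain(records: list[str]) -> list[Block]:
    """Mine a genesis block, then one block per record, each linked to its predecessor."""
    chain = [mine(Block(0, "genesis", "0" * 64))]
    for i, record in enumerate(records, start=1):
        chain.append(mine(Block(i, record, digest(chain[-1]))))
    return chain

def validate(chain: list[Block]) -> bool:
    """Valid only if every hash meets the threshold and every link matches."""
    for i, block in enumerate(chain):
        if int(digest(block), 16) >= TARGET:
            return False  # tampering changed the hash; the old nonce no longer works
        if i > 0 and block.prev_hash != digest(chain[i - 1]):
            return False  # the link to the previous block is broken
    return True

def choose_chain(forks: list[list[Block]]) -> list[Block]:
    """Longest-valid-chain rule used to resolve a fork."""
    valid = [c for c in forks if validate(c)]
    return max(valid, key=len) if valid else []
```

Calling `build_chain(["report-1", "report-2", "report-3"])`, editing `chain[2].data` and re-running `validate` shows the tampered block and its successor failing the check; re-mining the tail would cost one nonce search per block.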

Whistleblower: The Whistleblower Protection Act, 2011, in Chapter V, “PROTECTION TO THE PERSONS
MAKING DISCLOSURE”, sets out in detail the policy and laws on safeguards against victimization,
protection of witnesses and other persons, and protection of the identity of the complainant.

Technical Knowledge

• FreshGRC is live and working efficiently, with a better user interface and an interactive UI/UX.
• The Compliance module has been improved and provides better results. Its review method, being simple
to understand and operate, is favourable for the marketing and sales of the product.
• The Compliance module is well integrated and provides plans to the user on time, as and when
required.
• The Admin section is easy to use and much less cluttered, improving its presentation to clients.
• The blockchain whistleblower under development will prove useful for companies in various sectors
and industries. It can also be useful for government fraud detection and reporting. Even if a whistle
is not investigated, it will create an impact on the organization’s reputation.

Learnings
• Thorough understanding of GRC on various platforms, its industrial requirements and the competition
in the industry.
• Product management and handling developers for a product.
• Use of various tools/software such as GitHub, RSA Archer, FreshGRC, HubSpot, SendGrid and
vulnerability testing tools such as Nikto and Acunetix.
• Conceptual understanding and advantages of blockchain technology, tokenomics and the Regulatory
Datalake.
• Product demos for client pitches and pre-sales and sales activities.



CHAPTER- 4 CONCLUSION



4.1 Project 1: FreshGRC - SaaS Based GRC Software

The work assigned to me during my internship period was completed as per the guidelines received from
my company guide, while interacting with the business owners and management, from which certain
inferences could be derived. In the FreshGRC project, some of the findings noted for the application were as follows:

• Explore GRC, design and analyze efficient use of the dashboard, and assign tasks to developers.
• Prepare and redesign the website, removing hostile elements from it.
• Analyze the logical flow of information and design structural changes to the module to
make integration easier.
• Study different aspects of GRC and industry standards to provide the right information for the module
and make the required changes.
• Provide proper user access limits and assign the task to developers.
• Analyze the Compliance module to identify important, redundant and unnecessary functionalities
and act accordingly.
• Study and use FreshGRC to explore and identify typos and functional and logical errors, then report
and assign them to developers.
• Study and design a new technique to review and score audits, to make it user friendly and remove
confusing elements.
• Add experienced developers for faster development of the product.

4.2 Project 2: Blockchain Whistleblower

The work assigned to me during my internship period was completed as per the guidelines received from
my company guide, while interacting with the business owners and management, from which certain
inferences could be derived. In the blockchain whistleblower project, some of the findings noted for the
application were as follows:

• Understanding aspects such as blockchain, tokenomics, The Whistleblower Protection Act, 2011
and the concept of a whistleblower.
• Understanding blockchain technology and its use in the whistleblower module.
• Understanding the requirements of the whistleblower module and creating a rough draft.
• There has to be a mechanism to stop fake whistles from being generated and damaging a
company’s reputation.
• An alternate solution is needed if the investigators and reviewers are themselves involved in fraudulent activity.
• DevOps methodology can be used in the development stage of the blockchain whistleblower.



BIBLIOGRAPHY:

[1] “An Introduction to SAP GRC Access Control.” https://blog.sap-press.com/an-introduction-to-sap-grc-access-control (accessed Aug. 21, 2020).
[2] “Compliance Management App | Compliance Software Solutions.” https://www.metricstream.com/apps/compliance-management.htm (accessed Aug. 21, 2020).
[3] “Enterprise Blockchain Platform | Corda Platform and Services by R3.” https://www.r3.com/corda-platform/ (accessed Aug. 21, 2020).
[4] “NIX WHISTLE.” https://www.nixwhistle.com/ (accessed Aug. 21, 2020).
[5] S. L. Mitchell, “GRC360: A framework to help organisations drive principled performance,” Int. J. Discl. Gov., vol. 4, no. 4, pp. 279–296, Nov. 2007, doi: 10.1057/palgrave.jdg.2050066.
[6] “Solution | Awareness Management | Board Governance.” https://www.fixnix.co/solution.html (accessed Aug. 21, 2020).
[7] “Evolved SIEM – Security Information and Event Management – RSA.” https://www.rsa.com/en-us/products/threat-detection-response/siem-security-information-event-management (accessed Aug. 21, 2020).
[8] “Advanced Persistent Threat Defense – RSA.” https://www.rsa.com/en-us/products/threat-detection-response/advanced-persistent-threat-apt (accessed Aug. 21, 2020).
[9] “whistleblower | Definition, Laws, Protection, & Facts | Britannica.” https://www.britannica.com/topic/whistleblower (accessed Aug. 21, 2020).



APPENDIX I

• GRC: Governance, Risk and Compliance

• UI/UX: User Interface / User Experience



APPENDIX II

Project 1: FreshGRC- SaaS Based GRC Software

Month | Week | Task | Completed/Ongoing/Incomplete | Remarks
March | 4 | Introduction and demonstration of FreshGRC | Completed | Understanding the functional and technical characteristics of the product.
April | 1 | Preparing a catalog of bugs and changes in functionalities in the Compliance Module | Completed | Make the development team perceive the product to its core, so we can get to the sweet spot of desirability, feasibility and viability.
April | 2 | Documentation and report on the product | Completed | Preparing a document on product functionalities.
April | 3 | Business development activities like sales and mailing clients requesting a product demo of FreshGRC | Completed | Learned how to improve sales and marketing through social media.
April | 4 | Creating a product roadmap for an enhanced GRC journey & analyzing the product and finding the bugs | Completed | Integration has been done perfectly.
May | 1 | Updating the Compliance Repository, customizing the Library as per the requirement & designing the flow of the product | Completed | Analyzing competitors and bringing in features for better market exposure.
May | 2 | Finalizing the launch of V7.0 & launching another compliance platform named OSHAFreshGRC for organizations | Completed | New features were integrated and the solutions revamped.
May | 3 | Customizing the Library as per the requirement & designing the flow of the product | Completed | Increasing the repository for better implementation of the product.
May | 4 | Finalizing the launch of V7.0 & launching another compliance platform named OSHAFreshGRC for organizations | Completed | In order to evaluate the efficiency of checks and apply simple, precise control orders, compliance processes and workflows should be streamlined.
June | 1 | Planning to use Intelligence GRC & wireframing the feature | Completed | Includes the development and strategic planning of a role catalog in several ecosystems as per standard practices.
June | 2 | Implementation of IntelligentGRC & roadmap for IntelligentGRC | Completed | This module enables you to optimize the process of providing access to privileged accounts in urgent situations, and also offers excellent operating flexibility, required for efficient and rapid resolution of uncommon business issues.
June | 3 | Working on implementing the Intelligent Compliance module and fixing the bugs | Completed | The Intelligent Compliance module was integrated.
June | 4 | Pitching the product and giving demos | Completed | Made a proper marketing & sales strategy and pitched the product targeting the North American market.

Table 4: Project FreshGRC

Project 2: Blockchain Whistleblower

Month | Week | Task | Completed/Ongoing/Incomplete | Remarks
March | 4 | Research on blockchain and whistleblowers | Completed | Understanding aspects such as blockchain, tokenomics, The Whistleblower Protection Act, 2011 and the concept of a whistleblower.
April | 1 | Understanding blockchain and whistleblower requirements | Completed | Understanding blockchain technology and its use in the whistleblower module.
April | 2 | Documentation and report on the product | Completed | Preparing a document on product functionalities.
April | 3 | Idealizing and initializing blockchain whistleblower production | Completed | Understanding the requirements of the whistleblower module and creating a rough draft.
April | 4 | Preparing a wireframe prototype of the blockchain whistleblower | Completed | Preparing the flow of the blockchain whistleblower module.
May | 1 | Integrating it on a blockchain platform named R3 Corda | Completed | Integration done successfully.
May | 2 | Finding minor bugs and creating a roadmap for sales and marketing | Completed | Minor bugs were fixed and a roadmap was built.
May | 3 | Pitching the product and giving demos | Completed | The product demos were given to the prospective clients.

Table 5: Project Whistle-Blower (NixWhistle)

APPENDIX III
• PPR 1 Approval

PLAGIARISM REPORT
