Risk Cloud Use Cases

Standard Use Cases

Enterprise Risk Management, Third-Party Risk Management, IT Security Risk, Control Audit Management, Compliance Management, Incident Management, Issues Management, Policy Management, Regulatory Compliance, Internal Audit Management, Procurement & Contract Management, Business Continuity Management, Data Privacy.

Risk Cloud Platform

Standard Application

A Standard Application is a distinct set of rules and logic built in Risk Cloud supporting a singular use case, as determined by the LogicGate team. Live Applications are those used in a production setting and count towards the contracted Application amount.

Premium Application

A Premium Application includes access to advanced features and capabilities not natively available in Standard Applications. They are priced at a premium to reflect additional value-added features and capabilities such as: 

• Automated evidence collection 
• Integrations
• Advanced document generation

The following are the currently-available Premium Applications: 

1. FedRAMP SSP Premium Application
2. Controls Compliance Application

Power User

Power User functionality includes all Standard User abilities (see below), in addition to the ability to create, modify, and manage Applications. This includes, but is not limited to, jobs, workflows and steps. This user has “Build” permissions in Risk Cloud. This user type was previously denoted as a “Primary User.”

Standard User

Standard Users can view and interact with records, complete tasks, view home screens, view and create reports and dashboards, and view audit history of records. Standard Users cannot create or manage Applications and cannot be assigned the “Build” permission. This user type was previously denoted as a “Secondary User.”

External User

External Users can receive email notifications and perform work using unique, tokenized links. External Users do not have their own login.

Additional Product Features

Single Tenancy

Provides database infrastructure that is not shared with other tenants.

Single Tenancy - Healthcare

Single tenant Risk Cloud® environment provisioned for customers who (i) are designated as covered entities (e.g., healthcare providers, health insurance companies, etc.), and (ii) wish to upload and/or store protected health information (“PHI”) within such environment for use with its purchased Application(s). For clarity, purchase of this SKU requires the execution of a Business Associate Agreement (“BAA”).

Risk Cloud Documents

Provides the ability to configure document templates using a template-building tool called Formstack , and enables users to automate document generation in Risk Cloud. Includes access to up to 50 Reports and 2,000 Downloads (per month).

Risk Cloud Quantify ® Standard

Provides access to a risk quantification product designed to calculate potential loss exposure range in monetary terms for a given risk scenario. Risk Cloud Quantify Standard does not include advanced features.

Risk Cloud Quantify® Premium

Provides access to a risk quantification product designed to calculate potential loss exposure range in monetary terms for a given risk scenario. Risk Cloud Quantify Premium includes advanced features.

Public Pages

Public Pages allow you to create publicly available forms that can be submitted by anyone with the unique link.

SCIM User Provisioning

Provides access to SCIM 2.0 supported auto-provisioning that allows integration with identity management systems. Includes support for the following functions: Create, Update, and Deactivate users.

Additional Environment

Provides a customer with access to an additional, separate Risk Cloud environment that may be used in conjunction with other Risk Cloud services purchased by the same customer.

Implementation & Professional Services

Quick Start Implementation

Subject to required scoping, LogicGate's Quick Start Implementation Option provides up to 40 hours of hands-on configuration support for an eligible Risk Cloud Application template typically within a 45-day period from the Kickoff Date. Included in the service is:

• Up to two (2) Application Walkthrough sessions
• Data import and mapping for up to three (3) workflows (500 records max per workflow)
• One (1) Roles & Permission Matrix
• Initial user account creation
• Access for Power Users to the Risk Cloud Power User Certification program
• One (1) live Power User training session provided via web conference and recorded
• Single sign-on implementation support (if applicable)
• A four (4) week HyperCare period after go-live, consisting of two 30-minute sessions with the Implementation team and minor configuration updates

Standard Implementation

Subject to required scoping, LogicGate's Standard Implementation Option provides up to 90 hours of hands-on configuration support for any of LogicGate's Standard Use Cases, using an official Risk Cloud Application template or a custom build, typically within a 100-day period from the Kickoff Date. Included in the service is:

• One (1) Process Deep Dive session
• Up to five (5) Application Walkthrough sessions
• Two (2) End User Testing Feedback sessions and documented testing scripts
• Data import and mapping for up to three (3) workflows (500 records max per workflow)
• One (1) Roles and Permission Matrix
• Initial user account creation
• Access for Power Users to the Risk Cloud Power User Certification program
• One (1) live Power User training session provided via web conference and recorded
• Single sign-on implementation support (if applicable)
• A four (4) week HyperCare period after go-live, consisting of two 30-minute sessions with the Implementation team and minor configuration updates

Enterprise Implementation

Subject to required scoping, LogicGate's Enterprise Implementation package provides up to 200 hours of hands-on configuration support for any of LogicGate's Applications, using an official Risk Cloud Application template or a custom build, typically within a 150-day period from the Kickoff Date. This Service includes:

• Two (2) process deep dive sessions
• One (1) requirements alignment session
• One (1) requirements tracker
• Up to eight (8) Application walkthrough sessions
• Two (2) LogicGate facilitated end user testing feedback sessions and documented testing scripts
• Data import and mapping for up to 20,000 records
• One (1) Roles and Permission Matrix
• One (1) Admin Maintenance Manual
• Initial user account creation
• Risk Cloud Power User Certification program access for Power Users
• One (1) 1.5 day in-person working session on-site with Customer, consisting of live Power User and End User training sessions, go-live transition, and stakeholder roadmap discussion
• Single Sign-On (SSO) and System for Cross-domain Identification Management (SCIM) implementation support (if applicable)
• Weekly Project Status Meetings
• A four (4) week hypercare period after go-live, consisting of four 30-minute sessions with the Implementation team and minor configuration updates

Enterprise Implementation - Virtual

Subject to required scoping, LogicGate's Enterprise Implementation package provides up to 200 hours of hands-on configuration support for any of LogicGate's Applications, using an official Risk Cloud Application template or a custom build, typically within a 150-day period from the Kickoff Date. This Service includes:

• Two (2) process deep dive sessions
• One (1) requirements alignment session
• One (1) requirements tracker
• Up to eight (8) Application walkthrough sessions
• Two (2) LogicGate facilitated end user testing feedback sessions and documented testing scripts
• Data import and mapping for up to 20,000 records
• One (1) Roles and Permission Matrix
• One (1) Admin Maintenance Manual
• Initial user account creation
• Risk Cloud Power User Certification program access for Power Users
• One (1) 1.5 day virtual working session, consisting of virtual Power User and End User training sessions, go-live transition, and stakeholder roadmap discussion
• Single Sign-On (SSO) and System for Cross-domain Identification Management (SCIM) implementation support (if applicable)
• Weekly Project Status Meetings
• A four (4) week hypercare period after go-live, consisting of four 30-minute sessions with the Implementation team and minor configuration updates

Custom Implementation

Subject to required scoping, LogicGate's Custom Implementation Option provides implementation services for any use case not included in LogicGate's existing implementation packages.

Implementation Scope

Each implementation option listed above can be used to cover the implementation of one Application.

Implementation Services Bundle

Ten (10) hours of access to the Risk Cloud Implementation Team. Such hours shall be used for hands-on configuration support for any of LogicGate's Standard Use Cases, using an official Risk Cloud Application template or a custom build.

Standard Success

Includes access to the LogicGate Help Center; core Risk Cloud training content on LogicGate Learning portal; in-app chat support; and updates related to the latest version of Risk Cloud Standards and Regulations Content provided to you, upon request, via spreadsheet within 120 days of a major release published by the authoritative source.
For updates to the Secure Controls Framework, content and mapping adjustments will be made according to the latest version's Errata.

Premier Success

Premier Success is a recurring service that provides customers with technical support and Power User training in Risk Cloud. Included in the Service: Premier Success Requests (PSR)

• Customers can request technical support in the form of a Premier Success Request (PSR) performed by the Professional Services team for any Application in their Risk Cloud environment, limited to six (6) PSRs per month. Unused PSRs do not roll over.
• PSRs are limited to:
  • Data management activities, including: bulk import, bulk mapping, mass record updates, mass field changes / additions.
  • Assistance with reports, including: creating new reports and updating or troubleshooting existing reports.
  • Expert troubleshooting of records, application configuration, access, or automation.
  • Minor Application build updates, including: form updates, access management updates, and job updates.
  • Design guidance in the form of reviewing applications or providing Risk Cloud best practices.
  • New product feature implementation.
  • Functional documentation, including: single process or technical configuration documentation in the format of videos, PDFs, or slides for end users and/or admins.
  • Out-of-scope requests include:
    • Risk or business process advisory services that involve making recommendations for business processes and Workflows outside the scope of Risk Cloud Application template best practices.
    • Full configuration or implementation of net new Applications.
    • Full overhaul of in-scope applications (i.e., significant process changes).
    • Procuring any control framework or other Governance, Risk, and Compliance content that is not already provisioned within the Risk Cloud platform by means of existing Risk Cloud Application Templates.
    • Populating Data Import templates provided to the Customers.
  • The Professional Services team shall review each PSR to confirm it is in-scope for the PSR Issue. Any out-of-scope requests, PSRs that include more than one PSR request, may require a separate Scope of Work for the out-of-scope project or may be separated into separate PSRs.
  • Customers must submit each PSR with a detailed description of the desired request.
  • Upon completion, Customer will test and sign off to close out the PSR.
  • In-progress PSRs will roll over and count towards the next month's PSR limit if they are not completed, tested, or signed off on within the month.
• Risk Cloud Power User Trainings:
  • The dedicated Professional Services team will host monthly 60-minute Power User trainings with other customers in the region. The Professional Service team will notify the Customer of the date and content of the training. The trainings will have technical topics ranging from building a new application from scratch to complex calculations and automation.
  • Customer may join the monthly Power User training if the topic interests them and aligns with their needed Risk Cloud skill set.
• Standards and Regulation Content Update:
  • The dedicated Professional Services team will support loading the latest version of the Standards and Regulations Content within 60 days of a major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set's authoritative source, to maintain relevant control mappings.
  • Customer is responsible for opting-in to major release uploads via the provided Risk Cloud form to ensure the necessary updates are made.

Professional Service Bundles

Ten (10) hours of access to the Risk Cloud Consultant Team, in addition to either of the Success packages listed above. Can be used for additional configuration, system administration, content update, or GRC process design and enablement support; and support with applying updates to existing control mappings for Risk Cloud Standards and Regulations Content.

Documents Report Configuration Bundles

Ten (10) hours of access to the Risk Cloud Consultant Team to provide initial setup of report(s) based on Customer-provided template(s) and basic training on how to utilize reports. Customer is responsible for providing template(s) for any report(s) created.

Integrations

Ascent Regulators

Each individual Regulator includes obligation, rule, and metadata for a given Ascent regulator integrated into the “Regulatory Compliance Powered by Ascent” Application within the Risk Cloud.

Ascent Banking Bundle - US

The Banking Bundle - US includes retail (consumer) banking/lending, wealth management, and business banking/lending entities, such as:

• Depository financial institutions that are state or federally chartered banks (including special purpose charters)
• Commercial banks (but not investment banks)
• Bank holding companies
• Savings banks and savings associations
• United States Federal Jurisdictional Content
  • Federal Reserve + OCC + FDIC + FFIEC 
  • HUD (FFEO, FHA, Ginnie Mae) + Freddie Mac + Fannie Mae 
  • CFPB + FTC + FCC + FEMA + VA + DOD + EEOC + DOJ
  • FinCEN + OFAC + Treasury
  • 50 States + DC

Items of Note:

• International bodies set standards and policies relating to liquidity and capital requirements  and bank payment and settlement processes (e.g., Basel Committee on Banking Supervision (Basel Committee), Financial Stability Board (FSB), and Bank of International Settlements (BIS))
• Interstate Banking is governed by the Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994,  

The Banking Bundle - US excludes the following:

• Credit Unions 
• Trust Companies (banks can offer trust services)
• Specialty Purpose Banks 
• Investment Banks

Full list of specific regulatory offerings included in this Bundle are available upon request.

Ascent Mortgage Lending Compliance Bundle

The Mortgage Lending Compliance Bundle - US includes mortgage brokerage, mortgage origination(insurance) and mortgage servicing:

• Mortgage lending by nondepository (nonbanking) financial institutions to individuals
• Depository institutions may use so long as they understand that they are subject to separate/additional/different requirements applicable to depository institutions.
• United States Federal Jurisdictional Content
  • HUD (FFEO, FHA, Ginnie Mae) + Freddie Mac + Fannie Mae
  • CFPB + FTC + FCC + FEMA + VA + DOD + EEOC + DOJ
  • FinCEN + OFAC
• 50 States + DC
• Puerto Rico, Guam, American Samoa, U.S. Virgin Islands
• The Mortgage Lending Compliance Bundle excludes the following:
  • Commercial/multifamily residential financing
  • Secondary market activities (including securitization and resale)

Full list of specific regulatory offerings included in this Bundle are available upon request.

Ascent Credit Union Compliance Bundle

The Credit Union Compliance Bundle - US includes Retail(consumer) banking and lending and small business banking and lending:

• Depository financial institutions that are state or federally chartered credit unions
• Service offerings for members only
• United States Federal Jurisdictional Content
• 50 States  (DC does not issue credit union charters)
  • NCUA + FFIEC
  • HUD (FFEO, FHA, Ginnie Mae) + Freddie Mac + Fannie Mae
  • CFPB + FTC + FCC + FEMA + VA + DOD + EEOC + DOJ
  • FinCEN + OFAC
• The Credit Union Compliance Bundle excludes the following:
  • Commercial/multifamily residential financing
  • Secondary market activities (including securitization and resale)

Full list of specific regulatory offerings included in this Bundle are available upon request.

Ascent Money Transmitter Licensing & Compliance Bundle

The Money Transmitter Licensing and Compliance Bundle - US includes MTL licensing and regulation, Virtual currency licensing and regulation and Federal Financial Rights to Privacy Act:

• Service of accepting currency, funds (or other value that substitutes for currency) from one person and transmits it to another location or person by any means
• Although Congress has considered passing laws to expand federal oversight of money transmitters and the OCC has considered issuing a national MTL, currently only  states license and regulate money transmitters.
• United States Federal Jurisdictional Content
  • FinCEN + OFAC
  • Bank Secrecy Act regulatory controls, including the anti-money laundering
• 50 State + DC - MTL laws and regulations
  • Montana does not have a money transmitter licensing requirement
  • Massachusetts requirements apply to international transmissions only.)

Items of Note:

• There is no uniformity among the states with respect to licensing or regulation of businesses that deal in virtual currencies
• Entities regulated by the Securities and Exchange Commission (SEC) and Commodities and Futures Trading Commission (CFTC), do not need money transmitter licenses because that is not their primary business activity

The Money Transmitter Licensing and Compliance Bundle - US  excludes the following:

• Non-state rulesets governing international money transmissions
• Money service businesses, currency exchangers, issuers of money orders, stored value cards, traveler’s checks
• Consumer protection and consumer privacy
• IRS cash transaction reporting laws, regulations

Full list of specific regulatory offerings included in this Bundle are available upon request.

Ascent Consumer Lending Compliance Bundle - US

The Consumer Lending Compliance - US includes Personal, auto, private student and small business loans, Secured and Unsecured loans, Small Business Loans and Lines of credit (including personal lines and HELOCs):

• Consumer lending by nondepository (nonbanking) financial institutions to individuals
• Colleges and other non-financial institutions who make certain types of consumer loans (student loans) may be subject to fewer than all rulesets
• “Buy Now, Pay Later” (BNPL) firms may use  so long as they understand it is for financing classified as “lending;” some rulesets/regulators classify BNPL as “installment sales.
• United States Federal Jurisdictional Content
  • CFPB + FTC + FCC + FEMA + VA + DOD + EEOC + DOJ
  • FinCEN + OFAC
• 50 State + DC, Puerto Rico, Guam, American Samoa, U.S. Virgin Island

The Consumer Lending Compliance - US  excludes the following:

• Bank partnerships (custom scoping available)
• Money/Loan Brokers
• Credit Services Organizations
• Debt Collection (third party)
• Debt Management
• Pay Day Loans
• Mortgage Lending
• Loan Finance Companies
• Specialty lending  and factoring
• Commercial lending
• Secondary market activities
• Lending by non-bank subsidiaries of banks
• Lending by foreign banks/non-banks

Full list of specific regulatory offerings included in this Bundle are available upon request.

Ascent Broker-Dealer + Investment Advisor Compliance Bundle - US

The Broker-Dealer + Investment Advisor Compliance - US includes State licensing and registration, Digital assets and financial activities regulated by the SEC/CFTC:

• SEC-registered investment advisers, broker-dealers and investment companies
• CFTC- registered commodity trading advisors, commodity pools and pool operators and commodities/futures merchants
• Variable Annuities and Variable Life Insurance (SEC requirements only) 

The Broker-Dealer + Investment Advisor Compliance - US  excludes the following:

• Investment banks and non-registered funds (e.g., private equity and hedge funds)
• Municipal advisors
• Digital (crypto) finance/assets

Full list of specific regulatory offerings included in this Bundle are available upon request.

Black Kite Vendor Monitoring

Includes a bucket of vendors monitored by Black Kite bringing over the Cyber Security Rating, Ransomware Index, Breach Index, Compliance Rating, Compliance Completeness, Compliance Confidence, and all FAIR scoring fields directly to the vendor level within the Risk Cloud TPRM application (“Black Kite Buckets”). Black Kite Buckets can be purchased for a quantity of 50, 100, 250, 500 or 1,000.

CUBE Regulatory Content

Includes regulatory information directly from CUBE to monitor changes within tracked regulatory bodies. These can be broken down based upon changes, obligations, and in some cases horizon scanning capabilities if this level of the CUBE platform is purchased. This data is integrated into the Regulatory Compliance application within Risk Cloud.

CUBE Regulatory Services

Custom-scoped services required for the implementation and integration of CUBE Regulatory Content.

Workato

Middleware platform utilized for Risk Cloud Connector integrations. Customer's use of Workato Services is subject to Workato's Terms of Use and Workato's Privacy Policy.

Native Integrations

Provides access to all integrations native to Risk Cloud.

API Access

Access to the RESTful API, allowing you to connect Risk Cloud to third-party tools.

Risk Cloud Connector

Pre-built connector or custom-built connector by LogicGate's Integration Services Team to connect to common SaaS platforms or GRC use cases.

Integration Service Bundles

Ten (10) hours of access to the LogicGate Integration Services Team, in addition to the Risk Cloud Connector above. Will be used to build out the integration to the exact specifications required by the Customer.

Technical Account Management

Technical Account Manager (Silver)

The Technical Account Manager (Silver) is a dedicated LogicGate resource who provides strategic and technical support for up to four (4) Applications in Risk Cloud. These four applications are to be agreed upon between the Customer and LogicGate once per contract Term Year.

Included in the Service for defined in-scope Applications:

• Risk Cloud Training
  • As needed Advanced Admin User Training for configuration owners on all in-scope Applications
  • One (1) custom instructional video for end users per in-scope Application (see above for description)
• Risk Cloud Configuration Support for live in-scope Applications
  • Minor Configuration Updates (e.g., adding a new step, field-level updates, additional workflow mappings)
  • Bulk actions (e.g., imports, record mappings, field updates, record assignments)
  • Table, Visual, and Dashboard report creations and updates

Included in the Service for the Risk Cloud Environment:

• Implementation and Professional Services Project Management
  • Project management across all LogicGate scoped services work
  • Monthly alignment call to review the status of all in-progress project
• Develop and maintain system-level Access Matrix across all Applications
• Support with loading the latest version of Risk Cloud Standards and Regulations Content within 60 days of a major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set's authoritative source, to maintain relevant control mappings.

Additional Service Details:

• Account Strategy
  • Semi-Annual (every 6 months) Health Checks
  • Annual Executive Business Review
  • Semi-Annual (every 6 months) update of Risk Cloud data diagram
• Technical Account Manager will be available during the hours of 8am - 6pm CST during normal business days and will have a targeted response time of eight (8) hours.
• Three (3) tickets to annual user conference Agility + Build Bash

Technical Account Manager (Gold)

The Technical Account Manager (Gold) is a dedicated LogicGate resource who provides strategic and technical support for up to eight (8) Applications in Risk Cloud. These eight Applications are to be agreed upon between the Customer and LogicGate once per contract term year.

Included in the Service for defined in-scope Applications:

• Risk Cloud training
  • As needed, advanced admin user training for configuration owners on all in-scope Applications
  • One (1) custom instructional video for end users per in-scope Application (see above for description)
  • One (1) custom instructional video for admin users per in-scope Application (see above for description)
  • As needed in-depth knowledge transfer of existing Applications to new Power Users or Application owners
• Risk Cloud configuration support for live in-scope Applications
  • Minor configuration updates (e.g., adding a new step, field-level updates, additional workflow mappings)
  • Bulk actions (e.g., imports, record mappings, field updates, record assignments)
  • Table, visual, and dashboard report creations and updates
• Implementation and Professional Services project management
  • Development and maintenance of jobs matrix across all in-scope Applications
  • Development of custom admin manual for all in-scope Applications

Included in the Service for the Risk Cloud environment:

• Implementation and Professional Services project management
  • Project management across all LogicGate scoped services work
  • Bi-weekly (every 2 weeks) alignment call to review the status of all in progress projects
  • Develop and maintain system-level access matrix across all Applications
  • Summarization and documentation of key decisions and requirements communicated during all LogicGate-scoped services work
• Support with loading the latest version of Risk Cloud Standards and Regulations Content within 60 days of a major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set's authoritative source, to maintain relevant control mappings.

Additional Service Details:

• Account Strategy
  • Quarterly health checks
  • Semi-annual (every 6 months) Executive Business Review
  • Quarterly update of Risk Cloud data diagram
  • One-time GRC Maturity Workshop
• Technical Account Manager will be available during the hours of 8am - 6pm CST during normal business days and will have a targeted response time of six (6) hours.
• Seven (7) tickets to annual user conference Agility + Build Bash
• Ninety (90) Professional Services hours per year to be used for scoped Implementation or Professional Services project work. These ninety hours do not roll over to subsequent years.

Technical Account Manager (Platinum)

The Technical Account Manager (Platinum) is a dedicated LogicGate resource who provides strategic and technical support for up to twenty (20) Applications in Risk Cloud. These twenty Applications are to be agreed upon between the Customer and LogicGate once per contract Term Year.

Included in the Service for defined in-scope Applications:

• Risk Cloud Training
  • As needed Advanced Admin User Training for configuration owners on all in-scope Applications
  • One (1) custom instructional video for end users per in-scope Application (see above for description)
  • One (1) custom instructional video for Admin Users per in-scope Application (see above for description)
  • As needed in-depth knowledge transfer of existing Applications to new Power Users or Application Owners
• Risk Cloud Configuration Support for live in-scope Applications
  • Minor Configuration Updates (e.g., adding a new step, field-level updates, additional workflow mappings)
  • Bulk actions (e.g., imports, record mappings, field updates, record assignments)
  • Table, Visual, and Dashboard report creations and updates
• Implementation and Professional Services Project Management
  • Development and maintenance of Jobs Matrix across all in-scope Applications
  • Development of Custom Admin Manual for all in-scope Applications

Included in the Service for the Risk Cloud Environment:

• Implementation and Professional Services Project Management
  • Project management across all LogicGate scoped services work
  • Weekly alignment call to review the status of all in progress projects
  • Develop and maintain system-level Access Matrix across all Applications
  • Summarization and documentation of key decisions and requirements communicated during all LogicGate scoped services work
• Support with loading the latest version of Risk Cloud Standards and Regulations Content within 60 days of a major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set's authoritative source, to maintain relevant control mappings.Additional Service Details:
  • Account Strategy
    • Monthly Mutual Success Planning
    • Quarterly, (every 3 months) or As-Needed Executive Business Review
    • Continuous updates of Risk Cloud data diagram
    • Annual GRC Maturity Workshop
    • Twice-Annual (every six months) Onsite
  • Technical Account Manager will be available during the hours of
    8am - 6pm CST during normal business days.
  • Fifteen (15) tickets to annual user conference Agility + Build Bash
  • One Hundred and Eighty (180) Professional Services hours per year to be used for scoped Implementation or Professional Services project work. These hours do not roll over to subsequent years.
    • Each project will require separate scoping and will be performed by the designated team, with project management and oversight by the Technical Account Manager.

GRC Maturity Workshop

GRC Maturity Workshops enable LogicGate customers to assess, discuss, and plan their GRC management programs with insights and guidance from a LogicGate workshop facilitator. This engagement requires customer participation

in the following activities:

• Pre-workshop planning call
• Registration survey
• Maturity self-assessment
• Two-day, in-person workshop
• Post-workshop Executive Readout presentation

Following completion of the GRC Maturity Workshop, customers will receive these five deliverables:

1. Final GRC Maturity Report:
   A comprehensive maturity report outlining a summary of the workshop outcomes, the customer's program maturity level and assessment findings, and solution recommendations based on priority opportunity areas.
2. Program Roadmap:
   A custom program roadmap that details how customers can operationalize the plan to reach their target GRC maturity, both in and outside of Risk Cloud.
3. Executive Readout:
   A presentation for the customer's executive team highlighting the current strengths of their program and outlining the support and investments required to enable their roadmap.
4. GRC Program Value Statement:
   A defined set of core values for the customer's cross-functional GRC team that can be used as a framework for decision-making and prioritization.
5. Use Case Map:
   A diagram that highlights the customer's GRC program connection points and outlines the path the customer can take to implement additional GRC capabilities as they mature their program over time.

v.2.19 | Last Updated: April2024