Grace Connect
News & Announcements
GRACE CONNECT sarl 28/05/2025
Grace Connect GRC Suite featured again in the RMIS Panorama 2025!
We are proud to share that Grace Connect has once again been selected for inclusion in the latest edition of the RMIS Panorama, the international benchmark for Risk Management Information Systems, published by AMRAE in partnership with EY France.
🏆 This recognition highlights our ongoing commitment to delivering cutting-edge governance, risk, and compliance solutions that empower organizations to navigate risk with clarity and confidence.
📊 The 2025 RMIS Panorama draws insights from:
• 178 risk managers in 24 countries
• 52 solution providers – including 7 new ones
• 9 real-life risk manager testimonials
• Key market practices and trends
🙏 Thank you to the entire EY France team coordinating the survey for their outstanding work and continued support. We truly appreciate the effort and professionalism behind this important market reference.
💡 Grace Connect's continued presence in this respected publication is a sign of trust and consistency—and an incentive for us to keep pushing innovation forward.
🔗 Download the full Panorama here:
GRACE CONNECT sarl 26/03/2025
Statistical assignment internship at Grace Connect
Grace Connect is thrilled to announce that an internship position is open for academic students!
If you're looking to gain hands-on experience in statistical analysis and machine learning, this is the perfect chance to test your capabilities in a challenging and motivating environment.
You'll be using advanced statistical techniques to forecast client complaints, and you will have the opportunity to implement your findings using Azure Machine Learning.
Internship objective:
Develop a regression model to forecast upcoming client complaints using statistical analysis techniques, including hypothesis testing, and implement the model in Azure Machine Learning.
Key responsibilities:
- Data analysis: Organize, clean, and analyze historical complaint data. Identify relevant predictors and outliers.
- Regression model development: Compare various regression models, including multiple linear regression, polynomial regression, and Lasso regression.
- Hypothesis testing: Conduct hypothesis tests on predictors, evaluate results, and interpret their significance.
- Model validation: Fine-tune the model to maximize accuracy and ensure stability.
- Azure ML implementation: Train, optimize, and deploy the regression model using Azure Machine Learning Studio.
What we offer:
- Hands-on learning: Apply your knowledge to real-world data analysis and machine learning models.
- Networking: Connect with professionals in the data science and AI fields.
- Flexible hours: Tailor your work schedule to fit around your academic commitments.
- Access to resources: Full access to Microsoft Azure Machine Learning Studio and cutting-edge AI libraries.
Requirements:
- Enrolled as a full-time student in an academic institution.
- Strong academic background with skills in statistical analysis and machine learning.
- Proficiency in programming languages like Python or R.
- Excellent organizational skills and attention to detail.
Location: Flexible
Duration: 600 hours + 200 additional hours per quarter (flexible to accommodate your studies)
Compensation: €13/hour (to be agreed based on location)
How to apply:
Send your CV and motivation letter to administrator@gracegrc.com.
GRACE CONNECT sarl 14/02/2025
Grace Connect at the 2025 Security Forum in Luxembourg
On 13th February 2025, Grace Connect took part in the Security Forum in Luxembourg, where we shared insights on how organizations can manage cyber threats and maintain business continuity in an increasingly volatile environment.
Our session covered a variety of topics related to cyber resilience, focusing on the practical steps organizations can take to prepare for and respond to cyber incidents. Highlights included:
✅ The importance of building a holistic cyber security management system that combines internal readiness with external threat intelligence.
✅ The critical role of third-party risk management (TPRM) in protecting organizations from vulnerabilities in the supply chain.
✅ How to measure the effectiveness of incident response through KPIs and continually improve resilience.
To dive deeper into the details of our presentation, CLICK HERE to download the full speech from the event.
GRACE CONNECT sarl 14/02/2025
Grace Connect at the DPO Forum 2025 in Luxembourg
On 13th February 2025, Grace Connect participated in the DPO Forum in Luxembourg, discussing the evolving role of Data Protection Officers (DPOs) in today’s interconnected landscape of privacy, security, and resilience.
Our session focused on how DPOs can actively contribute to risk reduction beyond legal compliance, highlighting the growing convergence between GDPR, NIS 2, and DORA. We explored the importance of aligning privacy, security, and resilience strategies to protect organizations from cyber threats and ensure business continuity. Key insights included:
✅ The critical need for DPOs to integrate privacy risk assessments into business continuity plans. (See also our DPO checklist.)
✅ How DPOs, CISOs, and Business Continuity Managers must collaborate to address privacy risks and strengthen overall organizational resilience.
✅ Practical examples of how a privacy breach can escalate into a full-scale crisis, underlining the necessity for cross-functional alignment in response planning.
For those interested in learning more, CLICK HERE to download the full presentation from the event.
Chiara Soffiati 20/12/2024
Latest Updates on DORA Compliance - December '24
The recent industry workshop on DORA Registers of Information held on December 18, 2024, brought significant updates that are essential for ensuring DORA compliance. Key changes include:
✅ ITS Updates and Simplifications
- Retention policies: The 5-year retention requirement for terminated contracts has been removed.
- Introduction of EUID: Financial entities can now use the European Unique Identifier (EUID) alongside LEI for identifying third-party providers. LEI remains mandatory for financial entities.
- Template Adjustments:
  - Subcontractors: only the first external contractual relationship in intra-group ICT arrangements needs to be reported.
  - Multi-Location Data: entities must submit separate rows for each location where data is stored or processed.
✅ Key Reporting Changes
- Reporting remains in plain CSV format, submitted as a zip archive with metadata in JSON format.
- Mandatory fields are strictly enforced; missing information will result in reporting rejection.
- The ESAs strongly advised against relying on Excel spreadsheets for managing Registers of Information. Transitioning to relational data tools is now essential to meet DORA compliance standards effectively.
✅ Critical Timelines
- Financial entities must submit their Registers of Information to competent authorities by early 2025. Specific deadlines vary by jurisdiction.
- Competent Authorities must consolidate and report registers to the ESAs by 30 April 2025.
✅ New Technical Package from #EBA 👉 http://bit.ly/3DmdzX4
The framework release 4.0 technical package was published on 19 December 2024, including:
- The data point model,
- Validation rules, and
- An updated taxonomy to ensure seamless and compliant reporting.
📅 Next Steps:
Further updates are expected in January 2025 as financial entities and Competent Authorities gear up for official reporting.
🚀 Be Fully DORA-Compliant by January 2025!
At Grace Connect, we offer a state-of-the-art GRC solution specifically tailored for DORA compliance. Our platform ensures seamless reporting and robust governance to meet regulatory requirements.
📩 Contact us today to learn how we can support your organization’s journey to compliance.
Let’s make 2025 the year of regulatory excellence together!
GRACE CONNECT sarl 08/12/2023
Update on DORA Regulation
On December 8th, the European Supervisory Authorities (ESAs) launched a joint consultation on the second batch of policy mandates under the Digital Operational Resilience Act (DORA).
This latest package includes new draft regulatory technical standards (RTS), implementing technical standards (ITS), and Guidelines, aiming to create a consistent legal framework for ICT-related incident reporting, Operational Resilience Testing and ICT third-party risk management.
Key Components of the Second Batch
- 4 RTS on incident reporting, subcontracting of critical functions, oversight harmonization, threat-led penetration testing (TLPT).
- 1 ITS on the standard forms, templates and procedures to report a major incident and to notify a significant cyber threat.
- 2 sets of Guidelines on aggregated costs from major incidents and oversight cooperation between the ESAs and the competent authorities.
Next Steps and Resources
- DORA, which entered into force in January 2023 and is set to be effective from January 2025, aims to fortify digital operational resilience across the EU financial sector.
- The ESAs anticipate submitting the draft standards and issuing guidelines by July 17, 2024.
Consultation Details
- Stakeholders can contribute until March 4th, 2024, providing insights on incident reporting, subcontracting ICT services, oversight cooperation, and more via the ESAs' consultation page.
- Practical details on the consultation process and related documentation are available at https://www.eba.europa.eu
At Grace Connect Sarl, we're proactively supporting our clients to navigate the DORA compliance journey.
Reach out for comprehensive support and detailed insights on how to navigate upcoming regulatory changes.