Risk Management in Healthcare

The digital transformation is connecting the global economy like never before. As regulatory pressure continues to grow, owners are demanding more transparency. Management also sees the benefits of better traceability and transparency in internal and external decision-making. As these demands on modern compliance management continue to grow, managing the enterprise becomes more complex as well – especially in light of the high expectations on efficiency.


In order to address these challenges effectively, companies of all sizes and industries must develop processes which enable modern forms of enterprise management.


The significance of Governance, Risk & Compliance (GRC) processes continues to grow in this regard. GRC is an integrated collection of capabilities to reliably achieve goals, cope with uncertainty, and manage the business with integrity. This creates a strategic link, generates synergistic effects, promotes collaboration, and ensures long-term performance. GRC sets the guidelines for transparent, sustainable enterprise and performance management to generate value by assessing risks and opportunities.   


GRC unites the people, resources, processes and technology that are necessary to align and integrate governance, management, performance, risk and compliance in a standardized way. GRC is more than just a collection of individual processes such as an internal control system, information security management or risk management. It integrates the capabilities that enable organizations to achieve their goals reliably, cope with uncertainty, and take actions with integrity. 


Companies in the public sector or the field of public services are frequently in the spotlight. 


Healthcare, in particular, is feeling the pressure. The sector is in the midst of a major transition, driven by the constant debate on cost cutting, labor law and worker protection, (personal) data privacy, and information security in eHealth. Foreseeable developments in data protection law, statutory reporting obligations for security incidents, and the new safety and security risks of networked medical devices (medical IoT) add to the complexity.


In response, these organizations are beginning to establish assurance processes that engage the responsible individuals at decentralized levels, while building management systems that can be developed and maintained centrally.


KAV (the Vienna Association of Hospitals) and USZ (University Hospital Zurich) are two organizations that have taken the first steps in this direction.

“What impressed us about risk2value is that the existing ISMS processes are very flexible and can be mapped without major customization. The tool optimally supports the ISMS as a continuous improvement process. As a GRC solution, risk2value also offers the possibility to add further governance domains at USZ step by step. That makes the investment worthwhile,” explained Patrick Greuter, Chief Information Security Officer, USZ.



In both cases, risk2value lays the foundation for information security management and IT risk management. Control requirements from the ISO/IEC 27000 series (e.g. ISO/IEC 27001 and ISO 27799 for health informatics), the regulatory requirements of HIPAA, and the industry standard IEC 80001 (risk management for IT networks incorporating medical devices) were implemented in the scope of these projects. Tool-driven business impact analyses, comprehensive maturity evaluations, and suitable reporting functions and workflows were also established for the first time.

Reference projects

KAV, a hospital association based in Vienna, is one of Europe's largest healthcare providers with 11 hospitals, 9 geriatric centers and 6 nursing homes. The association employs 30,000 staff and provides all patients with superb, around-the-clock medical treatment and care 365 days a year.


USZ, the University Hospital Zürich, offers primary medical care and outstanding medical treatment from its central location in Zürich. The company, which employs 7,400 staff at 43 clinics and institutes, applies its academic research and knowledge to solve a wide range of health issues through personable, highly specialized, state-of-the-art medicine.


About avedos

avedos GRC GmbH is a European software vendor that specializes in developing integrated solutions for Governance, Risk and Compliance (GRC). avedos software solutions serve as a link between business operations and top management to enable risk-conscious, value-driven decisions in today's complex business world. The software platform risk2value supports a wide range of GRC disciplines, including enterprise risk management, internal control systems, compliance management, audit management and information security management. Its clients include the world's largest and most successful automobile manufacturers, insurance companies, telecommunications providers and retailers.


Get in touch with our experts – personally or through our online contact form.
We look forward to hearing from you!

Bo Geurts
Marketing & Communications Manager
Benelux & Nordics B.V.

+31 6 5468 6721

Ger van Nijkerken
Regional Sales Manager
Benelux & Nordics B.V.

+31 6533 9 6533