RIMAGO – Your GRC Software for DORA Compliance

Proven for DORA. End-to-end GRC from a single source.

IT is becoming increasingly significant for financial institutions. Growing regulatory requirements, digitalisation, sustainability and the shortage of qualified personnel are leading to increasing complexity. National regulations as well as European Union regulations such as DORA (Digital Operational Resilience Act) are presenting the financial sector with ever greater challenges.

The RIMAGO (Risk, Management and Governance) application that we have developed controls all relevant management and IT areas in compliance with the latest regulatory requirements – currently those of DORA.

Proven in practice

RIMAGO is used by more than 350 institutions and companies, including successful submission of the DORA information register 2025 with the support of TRICEPT.

RIMAGO – your central GRC tool

RIMAGO is a fully integrated GRC software that combines governance, risk and compliance requirements in a centralised system. RIMAGO enables companies, institutions and banks to manage risks, controls, measures and compliance evidence in a structured and auditable manner – regardless of industry or regulatory regime.

Centralised management of governance, risk and compliance-related issues
Uniform database instead of isolated solutions
Transparency regarding responsibilities, measures and risks
Audit-ready at any time
Scalable from individual standards to complex regulatory landscapes

356

Financial institutions

30.416

Users

6

Control modules

18

Modules

Ready for DORA?

Get in touch with our GRC experts!

Sign up now – free and without obligation:

Kalender Webinar 2025

Seite 1

First name

Last name

E-Mail

Your inquiry

By completing and submitting the form, you agree to our privacy policy and confirm that we may store and process the personal data you provide via the form for the purpose of handling your request and, if necessary, contacting you. Your data will not be shared with third parties. You may withdraw your consent at any time.

Consent to the privacy policy

I have read and agree to the privacy policy.

DORA puts financial institutions under pressure

To implement the regulatory requirements of DORA, financial institutions often work with individual, non-integrated software products from different manufacturers or rely on solutions they have developed themselves based on Notes, Excel or Access.
This results in time-consuming and redundant maintenance processes as well as redundant data storage in the various systems. Furthermore, a large number of interfaces are created, which entail a high degree of complexity and considerable effort in synchronising the data required by regulatory authorities.
High costs, a considerable strain on resources and substantial error susceptibility are the result. Human resources remain scarce, however, particularly in the area of regulatory law.

RIMAGO as fully integrated GRC software

RIMAGO steers all management and IT areas of an institution or company efficiently and in a resource-saving manner while comefeplying with all regulatory requirements.

Instead of providing isolated solutions, RIMAGO is a fully integrated GRC+ solution for governance, risk, compliance and organisation/IT management that guarantees shared data storage.

This allows a comprehensive view of business processes and reliably fulfils most of the regulatory requirements (DORA) of the European Union.

Our Services

We draw on more than 20 years of in-depth experience in managing key financial services governance areas.

The RIMAGO application

With our expertise, we have succeeded in developing a product that centralises, integrates and standardises the areas of governance, risk, compliance and organisation/IT management within a financial institution. This leads to transparency and enables reliable compliance with regulatory requirements. At the same time, detailed analyses and reports in RIMAGO lead to effective control measures. Thus, the potential for reducing (IT) costs and improving performance can be systematically exploited. The RIMAGO solution covers outsourcing management with third-party risk management, information registers, service provider control and contract management, and is continuously developed by us in line with constantly changing regulatory requirements.

Consulting services, implementation and roll-out

We advise financial institutions on the introduction of RIMAGO and support them in the successful implementation of the solution. Our expertise is based on an established process model with clearly defined service packages and milestones. From the initial idea to operational implementation and end-user training, we provide our customers with seamless support from a single source.

Training courses and webinars

With an exceptional and dedicated team, we remain at our customers’ side even after the implementation of RIMAGO: we are available to provide advice and support with individual training courses, roll-out webinars, training sessions on individual modules and topics, and a wide range of support and services. Our focus is always on the wishes and requirements of our customers.

Support and service

Our professional support and service team handles queries and error reports. Conscientious, qualified and committed, our team resolves over 700 tickets from 30,000 end users every month. These are primarily our operational customers, who receive support from our service team for their specific queries and topics.

Meet DORA requirements successfully with RIMAGO

We are constantly developing the GRC Cockpit RIMAGO in line with the latest regulatory requirements. Our focus is currently on the DORA strategy, ICT asset management, ICT risk management and ICT third-party management.

In order to effectively manage information security risks, a comprehensive overview of the interconnections in the ICT asset register is necessary. RIMAGO ensures shared data management that provides a comprehensive view of business processes and digital operational resilience. All the assets of a company or institution – such as data categories, processes, applications, systems, hardware, rooms, communication relationships and contracts – are mapped in the ICT asset register.

The control modules of RIMAGO access the individual objects of the ICT asset register. Behind each control module are various company roles such as IT managers, process owners, contract and outsourcing officers, information security officers, data protection officers and emergency response officers. All of them work on the same database and use the same user interface. There are no data islands in RIMAGO: changes made by one user are also available to all other users, regardless of their role.

The control modules in RIMAGO

Our RIMAGO GRC tool consists of six different control modules:

ICT risks and information security

In RIMAGO, our customers control the target requirements across all assets, including an integrated target/actual comparison with risk identification and risk treatment.

‘ICT risks and information security’ provides implementation support and covers target requirements based on current regulations such as DORA or ISO27001. All assets from asset management are integrated, target⁄actual comparisons are mapped, and ICT risks are automatically identified. Our customers manage risk treatment transparently and efficiently. The audit module enables the planning, execution and tracking of information security audits.

ICT risk and asset management

Our customers manage all assets – from processes and IT architecture to servers, other infrastructure, rooms and locations – with ICT risk and asset management.

Meet regulatory requirements while gaining valuable insights for effective internal management. With ICT Risk and Asset Management, you can achieve this – and more.

The asset register centralizes all elements relevant to IT governance in one place: data, processes, applications, IT components, hardware and infrastructure, contracts, as well as facilities and locations.

Strategy, cost controlling and project portfolio

Our customers define their strategy and manage their goal achievement with the project portfolio and benefit from efficient IT controlling.

‘Strategy, cost controlling and project portfolio’ allows a DORA-compliant strategy to be defined and managed. This control module has a strong focus on portfolio and individual project management, including regulatory aspects. Our customers benefit from this when managing their goal achievement. All controlling processes are mapped digitally and efficiently.

Data protection

Data protection is a top priority at RIMAGO. We map DPA and DPIA at a glance, quickly and securely. The fully integrated approach ensures uninterrupted data protection.

* DPA = Directory of processing activities
** DPIA = Data protection impact assessment

The fully integrated approach creates relevant connections between assets right from the start. This allows the VVT to be mapped efficiently and the DSFA to be carried out. All data protection aspects are passed on along the asset register.

Contingency management

For us, contingency management begins with the criticality analysis (BIA) and only ends with the business continuity requirements for all assets.

In contingency management, our customers define all emergency-critical processes and then benefit from the integrated connections along the asset register. All requirements from the business impact analysis (BIA) and risk impact analysis (RIA) for all individual assets are mapped there. This enables efficient control of the IT landscape and infrastructure as well as service providers from a BCM perspective.

Outsourcing and third-party risk management (TPRM)

Manage contracts and control all service providers efficiently – while taking all regulatory requirements into account.

In contingency management, our customers define all emergency-critical processes and then benefit from the integrated connections along the asset register. All requirements from the business impact analysis (BIA) and risk impact analysis (RIA) for all individual assets are mapped there. This enables efficient control of the IT landscape and infrastructure as well as service providers from a BCM perspective.