Updated on: August 30, 2024
SafetyDetectives recently sat down with Christos Makedonas, Co-Founder of Enactia, to discuss the company’s innovative approach to Governance, Risk, and Compliance (GRC) solutions. Founded with the vision of creating a more intuitive and affordable platform, Enactia was born out of the realization that many organizations, particularly small to mid-sized businesses, were grappling with the complexities and high costs associated with existing GRC tools. Since its inception, Enactia has evolved into a comprehensive GRC suite, offering advanced features like automated risk assessment, continuous monitoring, and an AI compliance assistant. Makedonas shared insights on how the company has managed to attract clients away from established market leaders through its user-friendly design and competitive pricing.
What inspired you to co-found Enactia, and how has the company evolved since its inception?
The idea of Enactia was conceived before the introduction of GDPR, driven by the recognition of a growing need in the market for more intuitive and accessible Governance, Risk, and Compliance (GRC) solutions. Many organizations, particularly small to mid-sized businesses, were struggling with the complexity and high costs of existing GRC platforms. Our vision was to create a platform that was not only robust and comprehensive but also user-friendly and affordable. We are proud that clients have recognized this and even switched to Enactia from current market leaders due to its capabilities, functionality, and attractive pricing. Since its inception, Enactia has evolved from a simple compliance tool into a full-fledged GRC suite that now includes advanced features like automated risk assessment, continuous monitoring, the delivery of an AI compliance assistant, and much more. We’ve also expanded our reach globally, serving clients across various industries.
How does Enactia’s software suite differentiate itself from other GRC platforms in the market?
Enactia differentiates itself through its focus on simplicity, flexibility, and affordability. While many GRC platforms are geared towards large enterprises with complex needs, we’ve designed our software to be scalable and adaptable to organizations of all sizes. Our intuitive interface allows users to easily manage compliance requirements without needing extensive training. We also emphasize strong customer support and continuous updates, ensuring that our clients are always equipped with the latest tools and insights to manage their GRC needs. I believe our strong differentiation lies in our deep understanding of the pain and struggles faced by professionals such as Risk and Compliance Officers, DPOs, and Security Officers—insights derived from our years of experience in the consulting field. Enactia was designed by experts. Furthermore, we emphasize the integration and connectivity between our solution’s modules and how each module feeds into the other—something our competitors often lack.
What do you see as the most significant challenges organizations face in implementing effective Governance, Risk, and Compliance (GRC) strategies?
One of the most significant challenges is integrating GRC into the organization’s culture. GRC should not be seen as a standalone function but as an integral part of everyday operations. Another challenge is keeping up with the ever-evolving regulatory landscape, which can be overwhelming for organizations that lack dedicated resources. Additionally, many organizations struggle with data silos, making it difficult to get a comprehensive view of risks across the business. Finally, balancing the need for compliance with operational efficiency can be challenging, especially in highly regulated industries. Organizations should adopt a step-by-step approach; you cannot expect to implement a fully-fledged GRC system with extensive functional requirements when you are currently working with spreadsheets. The transformation should be smooth and gradually embed the new way of working into the organization’s operations.
What role does continuous monitoring and risk assessment play in Enactia’s solutions?
Continuous monitoring and risk assessment are at the core of Enactia’s solutions. We believe that the traditional approach of periodic assessments is no longer sufficient in today’s fast-paced business environment. Risks can emerge and evolve rapidly, and organizations need to be able to respond in real time. Our platform offers continuous monitoring capabilities that allow for real-time data collection and analysis, enabling proactive risk management. This helps organizations not only detect issues as they arise but also predict potential risks before they become critical, thus enhancing overall resilience and compliance. Overall, risk assessment is a constant process, not a one-time or annual activity.
What trends are you seeing in the integration of Ethics and Compliance, particularly in relation to whistleblowing management?
There is a growing recognition that ethics and compliance need to be more closely integrated, as they both contribute to an organization’s overall integrity. One significant trend we’re seeing is the increased focus on creating safe and anonymous channels for whistleblowers. Organizations are realizing that effective whistleblowing management is not just about regulatory compliance but also about fostering a culture of transparency and trust. We’re also seeing more integration of ethics and compliance training within broader corporate training programs, ensuring that all employees understand the importance of ethical behavior. At Enactia, we’ve responded to these trends by enhancing our whistleblowing management features, making it easier for organizations to track, investigate, and resolve reports while maintaining confidentiality.
What are the common pitfalls companies encounter when managing cybersecurity risks, and how can they be avoided?
One common pitfall is the failure to integrate cybersecurity risk management into the overall GRC framework. Many organizations treat cybersecurity as a separate issue, leading to gaps in risk coverage. Another issue is underestimating the human element—employees are often the weakest link in cybersecurity, whether through phishing attacks or poor password management. Additionally, some companies rely too heavily on reactive measures rather than proactive strategies, which can result in significant damage when breaches do occur. To avoid these pitfalls, organizations should adopt a holistic approach to Information Security and Data Protection Governance along with risk management, ensure regular training and awareness programs for employees, and invest in continuous monitoring and threat intelligence to stay ahead of potential risks. Enactia’s platform is designed to help organizations integrate cybersecurity into their broader GRC strategy, providing the tools needed to identify, assess, and mitigate these risks effectively, supported by a comprehensive library of global frameworks and legislation along with a detailed control library.