DE
Discover how ewl energie wasser luzern restructured and digitalized its risk management, internal control system (ICS), data protection, and IT security—and the tangible benefits the GRC Toolbox delivers in day-to-day operations and regulatory compliance.
Initial situation
Until recently, ewl Energie Wasser Luzern relied on Microsoft Excel and Atlassian Jira for key areas of corporate governance such as risk management, internal control system (ICS), IT security management, and data protection. The limited automation capabilities—especially in Excel—resulted in high manual effort, increased risk of errors, and a lack of integration between departments.
Given the company’s diverse business areas and the constantly evolving market and regulatory landscape, integrated corporate risk management had become increasingly complex. This demanded continuous risk monitoring, effective implementation of protective measures, and strict adherence to data protection and security requirements.
In light of rising cyber threats, ewl placed particular emphasis on continuously enhancing the protection of sensitive data and identifying and implementing new security measures at an early stage.
Objectives
The goal was to implement the GRC Toolbox as a central, integrated solution for risk management, ICS, data protection, and IT security. Standardized, software-supported processes were expected to streamline the management of measures and controls. At the same time, Excel-based solutions were to be replaced, an information security management system (ISMS) in line with the Swiss ICT minimum standard established, and a business continuity management (BCM) system—including an IT emergency plan—introduced. Further objectives included significantly improving the efficiency of audits and reviews, reducing manual workloads, minimizing sources of error, and enabling transparent reporting on GRC activities—always with the aim of ensuring compliance with applicable standards and regulations.
Approach and collaboration
The decision in favor of the GRC Toolbox was driven by its user-friendliness, clear structure, and intuitive interface. A decisive factor was the ability to independently adapt and configure reports, input forms, and action plans, while managing multiple GRC areas centrally in one platform.
The implemented modules include Risk Management (RM), Internal Control System (ICS), Business Continuity Management (BCM), Information Security Management System (ISMS), and Data Protection. Together, they form an integrated system for identifying, assessing, and managing risks, ensuring effective controls, and meeting regulatory requirements in both information security and data protection.
In collaboration with Swiss GRC’s consulting team—particularly Senior GRC Consultant Daniele Fiasco—ewl experienced a high level of expertise, reliability, and mutual trust. This strong foundation played a decisive role in the project’s success.
Project challenges
Despite an ambitious schedule, the project was completed successfully and on time. Cooperation between the ewl and Swiss GRC teams was seamless and solution-focused throughout.
Close coordination and the implementation partner’s in-depth expertise made it possible to address specific requirements—such as customized report templates—flexibly and efficiently. Even for complex issues, practical solutions were found quickly, without any friction or delays.
Key results and impact
With the introduction of the GRC Toolbox, ewl fundamentally transformed its company-wide approach to governance, risk, and compliance. For the first time, previously separate areas such as ICS, risk management, data protection, information security, and business continuity management were consolidated into a single, centralized solution.
The results: clearly structured processes, standardized workflows, and significantly reduced operational effort. What was once characterized by manual work and siloed applications is now fully digitalized, transparent, and easy to manage.
The new solution enables systematic implementation of regulatory and internal standards, early identification of risks, and targeted responses to developments—especially in security-critical areas such as protecting sensitive data.
A key success factor was partnering with a regional provider. As a Lucerne-based company, Swiss GRC not only delivered a powerful technology solution but also impressed with its local presence, strong consulting expertise, and deep understanding of ewl’s challenges. This combination of local roots and professional excellence greatly contributed to the successful implementation and strengthened trust in the solution.
