The intent of using IT Governance Risk Compliance (IT GRC) tools and capabilities is to report and manage IT Risks. We will study the critical platform capabilities for IT GRC Tools.
Critical Platform Capabilities In IT GRC Solution
- IT Risk Management
- IT Asset Management
- Policy Management
- Social Media Risk Management
- IT Vendor Risk Management
- 3rd party Vendor Integrations
- Incident tracking & management
- Customizable Reports and Dashboards
- Customizable Workflows
- Security Monitoring & Overview
- Disaster Recovery & Business continuity management
- IT GRC Elements Mapping / Cross Mapping and Interlinks between modules
- Integration with Enterprise IT – SSO (with RBAC), DBMS, HRMS etc.
- Survey creation & distribution (with or without access to GRC platform)
- Pre-packaged content (Policies, Controls, Procedures, Risk Register, Metrics (KRIs, Security etc.) Assessment Questionnaire etc.)
- Integration with Cloud and BYOD
The major areas under consideration should be the IT Risk Mapping, Ability To Track Risk and Estimate it, Presenting of the data in Dashboard/Reports.
Few Questions to assess an IT GRC Vendor
- Do they have Proof Of Concept support? Timeline?
- What are the added costs?
- Scope of expansion of IT GRC Product? Can the vendor support expand into Enterprise and Legal GRC?
- What is the feedback of real users? Ask your colleagues
- What are the supported OS,Cloud and Mobile?
- What are the liabilities they entail? Have the contract well checked for adverse situations.
1. Extracts have been taken from IT GRC Workshop, Decision Summit, Delhi 2015 by Ravi Mishra