contents

software
 
CA Announces New Solution for IT Governance, Risk, and Compliance

CA has unveiled a solution for empowering IT organizations to achieve their increasingly challenging and business-critical governance, risk and compliance (GRC) objectives. The solution features CA GRC Manager, a product that provides portfolio management of IT risks across the enterprise, as well as CA's IT control automation solutions.

Proliferating regulatory activity and the demands of investors are generating greater pressure on businesses of all types to improve their GRC practices. As the steward of enterprise information, IT organizations are especially subject to these pressures, and bear a disproportionate level of cost, effort and risk in responding to these mandates.

Unlike IT GRC solutions that offer tabular, report-based policy management, SOX compliance or risk assessment tools, CA GRC Manager is the industry's only visual portfolio-based solution. This helps companies effectively organize and prioritize how they will stay in compliance and be under acceptable risk thresholds for the least amount of labor. The concept of a portfolio view is analogous to financial portfolio management, where a portfolio enables measurement and objective evaluation of investment scenarios. With CA GRC Manager, the IT risk portfolio is modeled to fit the desired risk posture of the organization. CA GRC Manager is also the only IT GRC solution that includes rich project management capabilities to ensure that optimal remediation plans are produced, communication barriers are eliminated and IT compliance projects are executed effectively.

CA GRC Manager also enables customers to map their diverse IT risks and controls to specific legislative mandates, industry regulations, and corporate policies. This cross-referencing helps eliminate the organizational "silos" that commonly lead to redundancies, inconsistencies, and gaps in IT GRC. And, with a global repository of IT risks and control information, CA GRC Manager replaces the unsustainable mix of multiple systems and ad-hoc spreadsheets, charts and documents used to handle IT risk and controls in many organizations today.

CA GRC Manager also includes the Unified Compliance Framework, which maps an "out-of-the-box" set of more than 4,000 control objectives to 280 standards and regulations such as COBIT, COSO, NIST, ISO17799:2005, SOX, HIPAA, PCI and NERC. It is fully configurable and extensible to other GRC libraries. This combination of packaged functionality, configurability and extensibility accelerates the creation, approval, and maintenance of GRC policy-and-procedure documents and helps organization correlate their policies to ongoing changes in regulatory requirements.

CA's portfolio for IT GRC is further supported by a broad range of IT Capability Solutions that automate IT controls for security, information, and change:
- Security controls safeguard IT resources and data through a combination of Identity and Access Management, Security Information Management, and Threat Management;
- Information controls safeguard the integrity of information assets and ensure their availability, even in the event of catastrophe, through a combination of Records Management and Recovery Management;
- Change controls safeguard IT services from being compromised due its own ongoing development and infrastructure management activities through a combination of Change and Configuration Management..

In conjunction with this announcement, CA is introducing the beta release of CA Security Vulnerability Manager (CA SVM). CA SVM helps organizations measure compliance and manage risk by identifying vulnerabilities in software and configuration settings, linking them to critical business assets and facilitating remedial action.

CA customers seeking to leverage the expertise of experienced IT GRC professionals to more rapidly achieve IT GRC excellence can work with CA Services, as well as select CA partners.



write your comments about the article :: © 2007 Networking News :: home page