The document discusses a national continuity solutions platform that provides:
1) Continuous assessment and monitoring of organizational policies, assets, configurations, controls, risks, and other elements through a purpose-built GRC platform.
2) Integrated applications that support compliance reporting, policy management, risk monitoring, and other functions through a common data model and open connector architecture.
3) Customization and integration capabilities to help customers in sectors like defense, intelligence, and federal agencies manage compliance and risk through automated and continuous processes rather than manual ones.
5. Compliance Solution Market Trends (Past -> Present)
- Manual Processes -> Automation
- Compliance Driven -> Business & Risk Driven
- Custom Controls -> Standard Controls
- Compliance and Risk Silos -> Common Control Framework
- Fragmented Tools -> Integrated Solution
- Periodic Audits -> Continuous Monitoring
- Internally Developed Tools -> Purpose-Built Platform
- Consulting Engagements -> Software Solutions
- Cylinder of Excellence View -> Enterprise Wide Visibility
6. Custom & Manual Solutions
- Leverage existing technologies
- Tools not suited to purpose
- Poor data integrity and quality
- Limited point-to-point integration
- Heavy reliance on scripting, macros and cron jobs
- Fragile integrations
- Mostly manual processes
- Heavy reliance on Excel and Word
- Help Desk tool used to route workflows
(Diagram components: Help Desk, Document Management, Excel, Word, Reporting Tools, Data Warehouse)
7. Purpose-Built GRC Platform
- Open technology stack
- Hot pluggable with open sourced, Oracle, IBM, ...
- Consistent with corporate technology strategy
- Purpose-built GRC platform
- Optimized for GRC, SOA platform vision
- Predefined GRC business objects / entities
- Simple upgrade and extension
- Single-point integration, no point integration
- Feature-rich applications
- Integrated functionality, no redundancy
- Cross-regulation scalability
- Open content
- Global community and localized support
- Partner and customer friendly
(Diagram components of the IT GRC Platform: Dashboards, Reports, Indicators; Automation & Collaboration Engines; Common Control Framework; Integrated GRC Data Model; Open Connector Architecture; Workflow, Reporting, Data Integration; NIST 800-53, ISO, SOX)
The automated fusion and correlation of the data produced by the multiple technologies forming the technical control framework will allow COM to maximize the return on investment for the technology. Additionally, an automated solution serves as a force multiplier that does not require the typical headcount associated with the manual collection, correlation and analysis of the data gathered during an average assessment and/or monitoring window. The automated solution is able to determine enterprise risk and compliance status while providing a comprehensive dashboard and reporting capability to ensure that stakeholders at every level are provided a means to monitor and measure what matters most to them.
In the beginning, people use existing general-purpose tools to build semi-automated GRC solutions. These are neither scalable nor integrated, which is not a big issue when you only need 1 to 2 solutions.