The IT GRC solution brings enterprise-wide processes(workflow, data repository, regulatory mapping etc.) onto a single platform with an objective of better control of data, its faster retrieval and processing to enable enhanced decision making and transparency with regard to compliance. It is combination of IT-related GRC functions that supports leadership in decision making and security operation functions that provides useful guidance on risk assessment and management including vulnerability management and technology-centric to meet compliance requirements.

IT GRC solutions focus on organizational security policy, knowledgebase of regulations and control standards and brings out IT compliance dashboards by carrying out IT risk assessment through controls and policy mapping ,IT control assessment and measurement.

(Read more:  Top 5 Application Security Technology Trends)

Types of organization that need such solution

As of now, the main focus is on financial and telecom service organizations as most of the frauds have been reported from these firms because of risks and security exposures arising through the firm's use of technologies such as electronic payments, mobile banking and cloud services. However, due to increasing concerns on privacy, a number of regulations are increasing throughout the globe. This necessitates almost all types of organizations to use such solutions. From Indian perspective also, The Privacy Rule of 2011, Clause 49 of SEBI and the proposed amendment in Company Act will encompass almost all organizations that handle private and financial data. All these organizations will have to report compliance to government agencies on regular basis and on demand. The trend has also been observed in due diligence exercises carried out by investors/companies wherein before infusing capital or going for merger/acquisition, the GRC status is seriously studied and existence of good IT-GRC solutions brings the first hand advantage.

Key Drivers for adoption

There are many evidences of legal and penal actions on companies that report unexpected bad news due to poor risk
management. Prevention of financial fraud, theft of PII, trade compliance, environmental, health, and safety regulations are some key drivers for adoption of IT GRC solution.

(Read more:  5 easy ways to build your personal brand !)

Compliance, Regulations and Standards that make the solution mandatory

  • There are many such compliance, regulations and standards. To name a few:-
  • Financial Institutions Related Regulations/Standards
  • Sarbanes-Oxley Act, Section 404
  • Payment Card Industry Data Security Standard (PCIDSS)
  • Gramm-Leach-B liley Act (GLBA)
  • EU Data Protection Directive
  • Basel II
  • Anti-money laundering (AML)
  • SEBI Clause 49
  • Indian IT Act 2008 & and IT Rule 2011
  • Other Industries Related Regulations/Standards
  • U.S. Bioterrorism Act 2002
  • ISO 22000 (Food Safety Management System)
  • HIPAA
  • SAFE
  • FISMA
  • ITIL
  • Cobit
  • ISO 27000 (Information Security Management System)
  • FFIEC

 

Top Technology Trends for the above domain

Few trends are quite visible:-

  • Industry is seriously attempting to improve IT-GRC initiative to align with tough regulatory requirements.
  • Consumers/customers are considering IT-GRC as business differentiators while selecting the right supplier or service provider.
  •  IT-GRC solution providers are continuously improving their solution to incorporate latest cross-functional requirements of compliance, standards or regulations.

Service providers, therefore, consider compliance convergence, which streamlines controls horizontally rather
than vertically within the organization. They continuously attempt to include risk earlier in decision cycles and bring slow but steady evolution of controls automation. Many solution providers are presenting their solutions on cloud
as PaaS with emphasis on programs for content aggregation and process standardization.

-KK Chaudhary, SVP - Group Head IT & IS, Lanco Infratech Ltd tells us How should a CISO define the requirement for solutions for IT GRC Management Tools.

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform