CA (news, site) has a fresh perspective on how their customers view their product. As they developed version 2.5 of their GRC Manager, they surveyed their customers of version 2.0 to see how exactly they had been using it.
It turns out everyone had a different view of the world and used it differently depending upon their industry, job title or relevance to risk and compliance. Such insight sparked the impetus behind the release of GRC Manager 2.5.
CMSWire spoke with Tom McHale, VP of product management for CA GRC Manager, and Marc Camm, senior VP and GM of GRC products, about the new features and how v2.5 aims to help companies meet compliance standards and improve workflows.
At the forefront of the release is a customizable, contextual dashboard. Users can organize their dashboards according to their point of view. Since everyone sees GRC a little differently, CA decided to let them optimize the features they want and need.
CA GRC Manager v2.5 Interface
A Controls Tester opens up CA GRC Manager to see only the information necessary to complete their specific testing responsibility (fig. 1), keeping their view free of other details, while a Compliance Officer can navigate through to a broader set of datasets and dashboards (fig. 2). These different options are shown both on the available tabs across the top, and on the left-hand navigation menu.
Other features included in the release also serve the GRC Manager’s over-arching theme of perspectives.
Take questionnaires for example. It used to be that users could post forms to gather insight from their clients. But clients can be far and wide and consistent access couldn’t be guaranteed. Now, however, an automated questionnaire is available. Users can create unique surveys in an effort to probe clients and partners for growing issues and risks within their industry. Choosing from a library of questions or creating their own, users have greater freedom to see things from different points of view.
The FISMA Accelerator
CA also introduces the FISMA Accelerator. The Federal Information Security Management Act requires that non-DoD companies meet appropriate standards. Yet, many often don’t. Enter the Accelerator.
It’s a package within a product that provides best practices for just about every risk for a given industry. An integrated framework can guide a company through a classification system of issues and special requirements. As a company enters its information and compliance progress, the accelerator monitors its status, pointing out best practices and helpful guidelines needed to advance its status.
But just like most federal regulations, information is always changing. Not to worry. The Accelerator updates information on a quarterly basis to ensure the companies are receiving the most up-to-date information about their specific GRC-related issues.
On-going IT Control Monitoring
Finally, CA implements on-going IT control monitoring. Because companies often bemoan the most crucial and often most costly part of the compliance process — manual testing — the GRC Manager 2.5 takes on the task of automating input of IT controls status information and provides a single view of overall IT risk and compliance profiles, reducing the cost and time.
Focusing primarily on the different ways the GRC Manager can be used, there are slew of extensions available, allowing users to choose the tools they want. However, because everyone might not agree on what’s the right tool for the job, CA offers a sort of hierarchy, prioritizing controls, so as to lead companies up a ladder towards compliance.
Of course, like most GRC tools, users can only expect to get out what they put in. Those with programs already in place will be able to get the GRC Manager up and running relatively quick. Those without will have to get their ducks in a row before being able to get the most out of it.
No matter how you see it, CA is confident that you can customize your view, so that you can navigate your way to compliance clearly.