Quite a bit of movement this week in GRC, including the release of the upgrade to SAS’s GRC solution, the acquisition of BWise by NASDAQ OMX, Microsoft patches up another bunch of vulnerabilities, Clearwater expands its reseller program and Daegis offers free tools for calculating e-Discovery costs.

SAS Upgrades GRC Software

SAS this week announced that it had upgraded its Enterprise GRC software. The new version, it says, comes with better workflow capabilities, more personalized menu options and more control over the comprehensive GRC program view.

SAS Enterprise GRC enables users to edit the comprehensive view of an organization's GRC program, including linkages between GRC dimensions and custom fields. Users gain a clearer visual of how risks, controls, key risk indicators, incidents and other core elements relate to and strengthen one another.

The enhanced workflow capabilities help users customize business processes and operational demands for faster operation, while incident management can be specifically arranged to add decision nodes, alter validation stages, configure prompts and establish separate processing for financial effects, recoveries and allocations.

Customizable menus, including a redesigned home page and saved views, pair a more personalized user experience with faster and easier navigation. With menus that point to URLs, stored processes, dashboards, XML files, task lists and documents, users can streamline projects to desired sequence and layout and then recall any saved operational view.

SAS also announced that it will be announcing the next version of SAS High-Performance Risk later this year. The solution provides in-memory analytics on industry-standard server grids to deliver faster risk calculations including market risk, counterparty exposure, liquidity risk management and stress testing and scenario analysis.


The NASDAQ OMX group has announced that it has agreed to buy GRC vendor BWise. As a result, Wise’s GRC platform will be available through NASDAQ OMX Corporate Solutions, which focuses on cutting risk in public and private companies using a suite of governance, investor relations and public relations products.

With the acquisitions, NASDAQ will be able to offer companies the ability to track measure and manage key organizational risks -- including the risk of non-compliance -- with governance, management and compliance software and services.

NASDAQ has not said how BWise will interact with its range of products except to say that Wise’s case management, workflow management, reporting and dashboard capabilities complement and enrich SMARTS, NASDAQ OMX's surveillance and compliance monitoring platform for brokers, exchanges and regulators.

Microsoft Patches Office Vulnerabilities

Also this week, Microsoft announced that it had fixed 23 vulnerabilities, including security holes in Office, Windows, .NET and Silverlight, some of which were described as critical.

On its security blog, Microsoft said that in the worst possible cases, the holes would have enabled attackers to enter infected machines, take them over and run malicious code remotely on them.

In the case of Office, the hole could have enabled attackers to execute remote code on compromised systems that would have been inserted into the targeted machine through a RTF file -- which, if downloaded, would have given the attackers the same rights as the legitimate user.

The issue is labeled critical for all supported editions of Microsoft Word 2007. It is rated "important" -- the second highest severity level in Microsoft's four-level scale -- for all supported editions of Word 2003, Office 2008 for Mac and Office for Mac 2011, as well as all supported versions of Office Compatibility Pack.

Clearwater Expands Reseller Program

This week too, Clearwater Compliance announced the establishment of a new reseller program for HIPAA and HITECH compliance consultants and advisors.

The program is aimed at helping business partners better serve their healthcare clients with Clearwater HIPAA-HITECH compliance software, services and solutions.

In addition to assessment and risk analysis SaaS tools, Clearwater rounds out its solutions for resellers with privacy and breach notification assessments; sets of Privacy, Security and Breach Notification policy and procedure templates; data backup solutions; end user security and HIPAA training programs and other solutions. Additionally, Clearwater provides its partners with sales tools, proposal templates and marketing support and resources. Why the expansion?

The healthcare market for compliance services is large and growing with meaningful use monies available to healthcare providers alongside the simultaneous increase in HIPAA-HITECH enforcement. Clients and other compliance services providers are clamoring for software and solutions to enhance the productivity of their compliance,” Bob Chaput, CEO of Clearwater said.

We’ve seen in the past how important the software business in the healthcare sector is, so this move is hardly a surprise.

Daegis’ e-Discovery Calculator

Finally this week, e-Discovery vendor Daegis announced its Cross-Matter Management Savings and Document Review calculators for companies that are trying to estimate e-Discovery costs.

Designed by Daegis, the free online tools help legal counsel better predict costs and timelines associated with e-Discovery, allowing for more targeted budgeting and greater cost predictability.

Daegis' Document Review Calculator allows clients to input assumptions about project deadlines, the number of reviewers and other factors, to forecast the budget and reviewer requirements necessary to complete the review within the target timeframe.

The Cross-Matter Management calculator, based on Daegis' cutting-edge Cross-Matter Management methodology, allows users to enter matter and pricing assumptions for both initial and subsequent matters, and then view the resulting financial savings in areas such as collection, processing and review.