CA Announces Comprehensive Solution for IT Governance, Risk, and Compliance.

New CA GRC Manager and CA's IT Control Automation Solutions Empower Customers to Meet Escalating Regulatory Challenges

ISLANDIA, N.Y. -- CA (NYSE: CA) today unveiled a comprehensive solution for empowering IT organizations to achieve their increasingly challenging and business-critical governance, risk and compliance (GRC) objectives. The solution features CA GRC Manager, an innovative product that provides portfolio management of IT risks across the enterprise, as well as CA's industry-leading IT control automation solutions.

Proliferating regulatory activity and the demands of investors are generating greater pressure on businesses of all types to improve their GRC practices. As the stewards of enterprise information, IT organizations are especially subject to these pressures, and bear a disproportionate level of cost, effort and risk in responding to these mandates.

As a leading provider of IT controls technology, CA is uniquely able to help customers cope with these growing GRC pressures. CA will continue to build on its GRC strategy--which has attracted strong support from leading consultancies and practitioners--over the coming year.

"Leveraging technology to support the integration of governance, risk and compliance across the enterprise can help an organization create and sustain an effective compliance program," said Andrew Toner, partner, PricewaterhouseCoopers. "Organizations face increasing challenges today as they react to the rapid pace of change in the global market and the demand for increased transparency and accountability.
Together, PwC and CA can help organizations combine business process improvements with technology solutions to more effectively and efficiently address enterprise governance, risk and compliance requirements."

CA GRC Manager

Unlike IT GRC solutions that offer tabular, report-based policy management, SOX compliance or risk assessment tools, CA GRC Manager is the industry's only visual portfolio-based solution. This helps companies effectively organize and prioritize how they will stay in compliance and be under acceptable risk thresholds for the least amount of labor.

The concept of a portfolio view is analogous to financial portfolio management, where a portfolio enables measurement and objective evaluation of investment scenarios. With CA GRC Manager, the IT risk portfolio is modeled to fit the desired risk posture of the organization. CA GRC Manager is also the only IT GRC solution that includes rich project management capabilities to ensure that optimal remediation plans are produced, communication barriers are eliminated and IT compliance projects are executed effectively.

"To fulfill their continually escalating GRC requirements, IT organizations need to adopt a portfolio-based approach that is cohesive, highly disciplined, and well-automated," said Jacob Lamm, executive vice president and general manager at CA. "By providing a powerful technology foundation for implementing such an approach, CA is enabling customers to successfully cope with regulatory pressures while controlling costs."

CA GRC Manager also enables customers to map their diverse IT risks and controls to specific legislative mandates, industry regulations, and corporate policies. This cross-referencing helps eliminate the organizational "silos" that commonly lead to redundancies, inconsistencies, and gaps in IT GRC. And, with a global repository of IT risks and control information, CA GRC Manager replaces the unsustainable mix of multiple systems and ad-hoc spreadsheets, charts and documents used to handle IT risk and controls in many organizations today.

"Every organization knows that it has serious GRC issues, but no organization has unlimited resources to devote to those issues," said Richard Ptak, Managing Partner, Ptak, Noel & Associates. "The tools that CA is providing to help managers maintain alignment between resource allocation and business risk are therefore extremely crucial to the success of its customers' GRC initiatives."

CA GRC Manager also includes the Unified Compliance Framework, which maps an "out-of-the-box" set of more than 4,000 control objectives to 280 standards and regulations such as COBIT, COSO, NIST, ISO 17799:2005, SOX, HIPAA, PCI and NERC. It is fully configurable and extensible to other GRC libraries. This combination of packaged functionality, configurability and extensibility accelerates the creation, approval, and maintenance of GRC policy-and-procedure documents and helps organizations correlate their policies to ongoing changes in regulatory requirements.

"CA gave us a central, authoritative system for our total IT GRC program," said Karen Wiltgen, director of IT governance and compliance at Manpower, a global leader in the employment services industry. "Its role-based dashboards are particularly useful for monitoring IT risk and ensuring our ability to rapidly remediate issues as they arise."

IT Control Automation Solutions

CA's portfolio for IT GRC is further supported by a broad range of IT Capability Solutions that automate IT controls for security, information, and change:

* Security controls safeguard IT resources and data through a combination of Identity and Access Management, Security Information Management, and Threat Management
* Information controls safeguard the integrity of information assets and ensure their availability, even in the event of catastrophe, through a combination of Records Management and Recovery Management
* Change controls safeguard IT services from being compromised due to its own ongoing development and infrastructure management activities through a combination of Change and Configuration Management.

CA has already demonstrated industry leadership in all of these areas. The company's upcoming Identity and Access Management (IAM) r12 solution, for example, will provide enhanced compliance reporting for improved visibility into IT controls and easier compliance with relevant mandates across distributed and mainframe platforms, as well as improving security for service oriented architecture (SOA)--important considerations in any long-term IT GRC strategy.

In conjunction with this announcement, CA is introducing the beta release of CA Security Vulnerability Manager (CA SVM).
CA SVM helps organizations measure compliance and manage risk by identifying vulnerabilities in software and configuration settings, linking them to critical business assets and facilitating remedial action.

CA customers seeking to leverage the expertise of experienced IT GRC professionals to more rapidly achieve IT GRC excellence can work with CA Services, as well as select CA partners.

Pricing and Availability

CA GRC Manager is available on a per-user basis.

About CA

CA (NYSE: CA), one of the world's largest information technology (IT) management software companies, unifies and simplifies the management of enterprise-wide IT. Founded in 1976, CA is headquartered in Islandia, N.Y., and serves customers in more than 140 countries. For more information, please visit http://ca.com.

Copyright © 2007 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.