FFIEC News

CA Announces Comprehensive Solution for IT Governance, Risk, and Compliance

(Oct 04, 2007)-- CA unveiled a comprehensive solution for empowering IT organizations to achieve their increasingly challenging and business-critical governance, risk and compliance (GRC) objectives. The solution features CA GRC Manager, an innovative product that provides portfolio management of IT risks across the enterprise, as well as CA’s industry-leading IT control automation solutions.

Proliferating regulatory activity and the demands of investors are generating greater pressure on businesses of all types to improve their GRC practices. As the steward of enterprise information, IT organizations are especially subject to these pressures, and bear a disproportionate level of cost, effort and risk in responding to these mandates.

Unlike IT GRC solutions that offer tabular, report-based policy management, SOX compliance or risk assessment tools, CA GRC Manager is the industry’s only visual portfolio-based solution. This helps companies effectively organize and prioritize how they will stay in compliance and be under acceptable risk thresholds for the least amount of labor. The concept of a portfolio view is analogous to financial portfolio management, where a portfolio enables measurement and objective evaluation of investment scenarios. With CA GRC Manager, the IT risk portfolio is modeled to fit the desired risk posture of the organization. CA GRC Manager is also the only IT GRC solution that includes rich project management capabilities to ensure that optimal remediation plans are produced, communication barriers are eliminated and IT compliance projects are executed effectively.

“To fulfill their continually escalating GRC requirements, IT organizations need to adopt a portfolio-based approach that is cohesive, highly disciplined, and well-automated,” said Jacob Lamm, executive vice president and general manager at CA. “By providing a powerful technology foundation for implementing such an approach, CA is enabling customers to successfully cope with regulatory pressures while controlling costs.”

CA GRC Manager also enables customers to map their diverse IT risks and controls to specific legislative mandates, industry regulations, and corporate policies. This cross-referencing helps eliminate the organizational “silos” that commonly lead to redundancies, inconsistencies, and gaps in IT GRC. And, with a global repository of IT risks and control information, CA GRC Manager replaces the unsustainable mix of multiple systems and ad-hoc spreadsheets, charts and documents used to handle IT risk and controls in many organizations today.

“Every organization knows that it has serious GRC issues, but no organization has unlimited resources to devote to those issues,” said Richard Ptak, Managing Partner, Ptak, Noel & Associates. “The tools that CA is providing to help managers maintain alignment between resource allocation and business risk are therefore extremely crucial to the success of its customers’ GRC initiatives.”

CA GRC Manager also includes the Unified Compliance Framework, which maps an “out-of-the-box” set of more than 4,000 control objectives to 280 standards and regulations such as COBIT, COSO, NIST, ISO17799:2005, SOX, HIPAA, PCI and NERC. It is fully configurable and extensible to other GRC libraries. This combination of packaged functionality, configurability and extensibility accelerates the creation, approval, and maintenance of GRC policy-and-procedure documents and helps organization correlate their policies to ongoing changes in regulatory requirements.

CA has already demonstrated industry leadership in all of these areas. The company’s upcoming Identity and Access Management (IAM) r12 solution, for example, will provide enhanced compliance reporting for improved visibility into IT controls and easier compliance with relevant mandates across distributed and mainframe platforms, as well as improving security for service oriented architecture (SOA)—important considerations in any long-term IT GRC strategy.

In conjunction with this announcement, CA is introducing the beta release of CA Security Vulnerability Manager (CA SVM). CA SVM helps organizations measure compliance and manage risk by identifying vulnerabilities in software and configuration settings, linking them to critical business assets and facilitating remedial action.

Share or bookmarklet this web page at: