Friday, April 15, 2016

GRC Roundtable

A brief collaboration of nearby (brand-name) industry leaders at various (earlier) stages of the GRC journey for their organizations, hosted by PwC.
A very participative discussion, with highlights / notes below:

  • Leading products mentioned were Archer (of course), RSAM, ServiceNow, MetricStream, Protiviti, ACL
  • The key question raised was the requesting and formulation of requirements from all GRC participants, i.e. stakeholders and end-users
  • Determining which processes require inclusion is vital to the strategy and success of a GRC solution, as is obtaining professional services at pivotal points
  • No single executive sponsor was seen driving the solution from strategy to deployment, which results from the high cost of investment for a comprehensive/cross-departmental deployment.
  • An essential fact is that demonstrating success within your own/individual deployment or department will break the barriers with others / across divisional lines
  • Considerations with existing platforms such as company ERP, ERM, Security Practice can greatly influence requirements, architecture, support, etc.
  • An offline feature can be essential when working remotely or under other limitations. However, off-set mobile capabilities are still in their infancy
  • GRC delivers metrics, a reflection of trends, and operational status; however, decision making, ROI and particularly risk reduction are a future state.
  • Multiple (GRC) toolsets are the norm, so set your expectations and plan accordingly for integration, i.e. a single solution is highly unlikely
  • Achieving "sexy" or comprehensive dashboards for everyone from the C-Suite to managers to end-users requires other visualization tools.
  • Not accessing change management for deployment and daily usage will hamper implementation and longevity 
  • Data privacy (access, storage) is a concern for global organizations, although most are turning to cloud-based solutions (that offer better product/service support and customer accessibility)
  • Product mobility and accessibility are a need, yet 2+ years away from general use/release, e.g. leveraging GRC for operational efficiency via mobile devices is just a wish for now, regardless of marketing slides

Can't wait to compare notes throughout this journey.

5 comments:


  1. Examine the current threats in the field of cybersecurity and take steps to expand your knowledge. According to a study by the Federal Office for Information Security (BSI), over 60% of companies have fallen victim to security vulnerabilities in recent years. Solid training as a BSI IT-Grundschutz Practitioner or Consultant can help to minimize such risks effectively. It is important to always stay up to date with the state of the art and to pursue regular further training; platforms such as csvisor offer valuable resources for this. That way you can not only develop security strategies but also identify and remediate specific vulnerabilities.
