Microsoft Governance, Risk and Compliance Management Suite. Marilee Byers, Director, Corporate Finance; Jerry Leishman, Senior Program Manager, Compliance Solutions. Presentation Goals: What is Microsoft GRC Story; Risk and Compliance Management Suite Overview; Demo; How to get involved?

Microsoft Governance, Risk and Compliance Management Suite
Marilee Byers, Director, Corporate Finance
Jerry Leishman, Senior Program Manager, Compliance Solutions
MICROSOFT CONFIDENTIAL

Presentation Goals
• What is Microsoft GRC Story
• Risk and Compliance Management Suite Overview
• Demo
• How to get involved?
• Q&A

Microsoft GRC Solution Areas
Excel Server 2007; Regulatory Compliance & Controls; Risk Analytics & Reporting; Document & Records Management; Security & Privacy; Business Continuity; BitLocker

Service Manager - The Power is in the Integration
Compliance and Risk; IT Business Intelligence; Asset Management; Self Service; Incident and Problem; Change; Knowledge Base; SERVICE MANAGER PLATFORM; Workflows; Data Warehouse; CMDB; Automate and Deploy; Capacity and Utilization; Inventory and Usage; Alert Management; CONNECTORS; Active Directory
GRC Taxonomy Program
Tech Churn; Governance, Risk & Compliance; PROBLEM / OPPORTUNITY $1 Trillion (US); Policy Churn; Compliance & Risk PMP & IT Compliance Mgmt Toolkit; ~350 Authority Docs in UCF; ~24K Requirements; GRC Authority Docs (Requirements – Sox, eSox, PCI, ITIL, HIPAA, Cobit, etc.); Business Risks & Objectives (The What/Requirement, e.g. Complex Password); Harmonized Framework; ~2400 Unique Controls; CONTROL OBJECTIVES (People, Process, Technology); System Center; WS 2008; Windows 7; MS and Non-MS Technology; ~139 Satisfied by WS; Control Activities; Technical Goal (The How); Test Automation Validation; Reporting & Corrective Actions; Continuous Monitoring & Reporting; GRC Incident/Issue; GRC Report; GRC Dashboard

Compliance and Risk PMP
• OOB PMP for Svc Mgr that offers:
  • GRC Program Management
  • Control Management
  • Risk Management
  • Policy & Procedure Mgmt
  • GRC Incident Management
  • Excel, SharePoint integration
• By extending Service Manager with:
  • New item classes and relations
  • Forms, views, dashboards
  • Reports
  • Web parts
• And acts as a host for:
  • UCF controls & mappings (built-in for IT GRC)
  • 3rd party control activities and workflows, such as:
    • Microsoft IT Compliance Mgmt Library
    • Partner knowledge libraries
Control activities in the library are like templates: the customer copies and customizes them. Copies apply to a collection of hosts or services in the customer's environment.

GRC Management Suite Architecture
Svc Mgr Console; SharePoint Portal; Compliance Managers; Compliance Users; Target Hosts; GRC Config Packs; IT Compliance Management Library (MS, customer or partner); SM Data Warehouse; Control Activity Library; Policy Library; Risk Library; Test Automation Framework; Risk Library; Compliance and Risk Reports; Compliance and Risk Process Management Pack; Connectors (Linking Fx); GRC Mgmt Packs; Document Management; Doc Types: Authority Docs, Policy Docs; Control Management; GRC Incident Management; Knowledge Library; MS, Customer & Partner Knowledge Libraries; UCF Control Library; Partner Knowledge Libraries; Program Management; Risk Management; GRC LOB Packs; Incident Management; Problem Management; Change Management; Configuration Management; SAP, Oracle, etc Connector; GRC Infra Packs; C&R PMP IT Library; System Center; Linux, Unix, Etc

Business Partner Perspective
• Objectives
  • Support Compliance Programs
  • Improve integration with automated controls
  • Migrate to one GRC platform to leverage compliance efforts across the company
• Engagement
  • Provide business requirements
  • Provide iterative input to design and configuration
  • Balance Microsoft specifics against more general needs
  • Anticipate pilot program in FY11

Product Release Schedule
• Currently in Public Beta
  • Based on Service Manager Beta 2
• Future
  • Release Candidate - April 2010
  • RTW Target - 60 days after Service Manager RTM (CY2010-Q3)

Opportunities to get Involved
• Provide feedback directly to Microsoft
• Download and Evaluate Solution
• Join TAP and RDP Programs
• MS Demo to your organization
• Schedule 1 Hour Live Meeting
• Participate in MS GRC Summits
• Provide Customer voice and influence MS

How to Get Connected?
• Download and Evaluate Solution
  • https://connect.microsoft.com/SelfNomination.aspx?ProgramID=2733&pageType=1&SiteID=446
• Join the RDP early adopter program
  • Contact Jerry Leishman (email@example.com)
• Become a GRC Partner (ISV, SI, Consultant, Trainer)
  • Contact Jerry Leishman (firstname.lastname@example.org)