Press Release

AGILIANCE IT-GRC 3.0 BREAKS BARRIERS IN ACTIONABLE, END-TO-END, AUTOMATED IT RISK AND COMPLIANCE MANAGEMENT

Oracle-Agiliance-sponsored CIO-CISO Forum at Information Security Decisions Conference Highlights IT-GRC Market Maturity

San Jose, California, November 6, 2007–Agiliance, the leading provider of IT governance, risk, and compliance (IT-GRC) solutions, today announced the general availability of Agiliance IT-GRC 3.0. By expanding integrated IT risk assessment and management capabilities, and adding enhanced automation and additional integration with third party systems to its flagship product, Agiliance has broken new ground: IT-GRC 3.0 enables organizations to proactively account for changes in their risk profile as their underlying IT infrastructure, processes, applications, and users change. Agiliance IT-GRC was built to eliminate the risk and compliance information silos that result in operational inefficiencies and inadequate risk measurement. Version 3.0 links IT risk to overall enterprise risk and delivers the process and policy automation required for real-time risk and compliance management. With these enhancements, Agiliance has delivered an industry first: a fully automated IT-GRC solution capable of managing the entire IT risk and compliance lifecycle.

In separate releases issued today, Agiliance announced that the company has recruited a board of advisors, and that media giant Tech Target honored Agiliance as a “rising star” at its Information Security Decisions conference, held in Chicago on November 5 and 6.

“Because we are a pure-play e-commerce-based business in a heavily regulated industry, our IT infrastructure must be secure and able to support millions of transactions at all times,” said Oliver Eckel, head of corporate security, Bwin Interactive Entertainment AG. “What makes Agiliance so useful to us is that it gives us centralized access, management and control of both manual and automatic controls. That single process improvement, in and of itself, provides us with a much more efficient, productive management capability. Moving forward, we intend to leverage Agiliance to be our security management ‘cockpit’ and expect to realize substantial operational and strategic advantages by doing so.”

“Whatever the level of risk sophistication of the greater organization, when choosing controls, IT planners should make cost-benefit decisions based on realistic assessments of risk…IT application specialists should familiarize themselves with the different forms of risk management technology so they can actively seek opportunities to support the automation of risk management tasks throughout the organization,” said Gartner, Inc analysts French Caldwell, Kris Brittain, Jay Heiser, John Bace and Christine Adams in a December 2006 report titled Predicts 2007: Building Business Value With Risk Management, Ethics, Governance and Compliance..

3.0 Enhancements Deliver End-to-End IT Risk and Compliance Management
Until now, IT risk and compliance management solutions have been highly customized, implemented by consultants, or point solutions focused on vulnerabilities, security events, or processes in isolation. Agiliance IT-GRC 3.0 overcomes the barriers to effective IT risk and compliance management caused by information silos, operational inefficiencies, error-prone, manual processes, and disparate risk measures by adding automated risk management based on standard enterprise risk management (ERM) methodologies and customizable key risk indicator (KRI) dashboards. 

Because the dynamic nature of risk can impact regulations, competition, legal liability, and corporate governance, Agiliance IT-GRC 3.0 offers a robust ERM module that enables organizations to model risk scenarios that encompass operational risks as well as traditional financial risks. By using web-based surveys and workshops to gather opinions from multiple stakeholders across multiple divisions and geographies and combining the results with automated IT risk data from the underlying infrastructure, Agiliance IT-GRC 3.0 provides the holistic view and feature set required to implement effective ERM programs based on COSO ERM and AS/NZ 4360 standards.

KRIs allow organizations to rate IT-related decisions the same way they do financial decisions—as low-, medium-, or high-risk options. By creating a consistent, enterprise-wide context for understanding risk, executives can immediately and strategically act on performance and security-related trends in the IT infrastructure. Agiliance KRIs change automatically as the underlying IT infrastructure, processes, applications, and users associated with them change. When a scanner identifies a vulnerability, risk increases; as it is fixed and the ticket closed, risk decreases. When configuration changes increase rapidly, risk increases and then decreases gradually over time. Based on industry standards, Agiliance IT-GRC’s risk management modules let users know what to look for in best risk management practices as well as a means to monitor performance. 

Other key enhancements to Agiliance IT-GRC 3.0 include:

• Automated asset classification and risk profiling embeds risk context into asset classification surveys, giving organizations a standardized way of assigning a risk profile to each IT asset.

• Manual control assessments, based on electronic surveys, correlated with automated control checks to aggregate and correlate manually collected data with automated data from existing tools and infrastructure, providing more complete, reliable risk reporting and automated compliance reporting.

• Automated controls based on live data from configuration, identity and security tools provide 30-60 percent of all risk and compliance reporting for the enterprise when managed by Agiliance IT-GRC.

• Closed-loop risk assessment workflow from surveys to remediation provides full lifecycle IT risk management; a customizable workflow ensures identified risks are tracked through their lifecycle from known to mitigated risks.

• Content additions to the Common Control Framework (CCF) map regulations to standard controls to policies, best practices, and other content, ensuring that as IT needs and regulatory requirements change, organizations can appropriately manage those changes across the existing control environment. Additions to Agiliance’s already vast CCF library bring its total control count to more than 29,000, and additional automation simplifies controls management and asset assignment.

• Unique policy attestation, version tracking, and exception management enable policies to be sent to employees in survey form for them to read, attest, and be quizzed on (if required). Version tracking allows policies and controls to be added without losing previously established policy and control statements; customers can continue assessment on different versions while working on newer versions for future assessments. Policy exception management features a customizable workflow that manages policy exceptions along with associated risks, assets, time period, and approval.

“By harnessing innovation through the lens of practicality, Agiliance has delivered a unique, high-value solution for managing IT governance, risk and compliance,” said Prasenjit Saha, vice president at Wipro Technologies. “Our customers rely on us to strike the right balance between leveraging what they have and delivering what they need. Agiliance IT-GRC helps us extract maximum value out of our customers’ existing IT infrastructure and be extremely precise about what’s required for them to be both secure and compliant. This furthers Wipro’s ability to align business and technology through improved process efficiency, reduced cost, and enhanced business value of IT.”

“With Agiliance IT-GRC 3.0, we have broken the barrier and delivered true end-to-end risk and compliance automation for the enterprise,” declared Patrick J. Conte, CEO, Agiliance. “Until now, available solutions have focused on either IT process automation or automating discrete components of IT risk and compliance process management. With industry leaders such as Bwin, E*TRADE, and others telling us Agiliance has helped them implement an effective methodology for managing risk and compliance on a daily basis, we know we are on the right track, and we have already received feedback from customers and prospects telling us that we have hit the ball out of the park with Agiliance IT-3.0.”

Pricing and Availability
Agiliance IT-GRC 3.0 is available immediately. Entry-level pricing starts at $75,000 and includes a limited set of capabilities for companies looking for help managing risk and compliance associated with one regulation for 100 applications, and minimal integration with existing products. For more information on Agiliance IT-GRC, please visit www.agiliance.com/products or email sales@agiliance.com.

About Agiliance
Agiliance offers the most comprehensive and scalable solution for managing the interdependent disciplines of IT governance, risk, and compliance. Its flagship product, Agiliance IT-GRC, enables businesses to develop a holistic view of their IT risk and compliance posture in order to make better business decisions. The Agiliance IT-GRC platform is the first solution that combines a robust common control framework with sophisticated policy management, workflow, and automation, providing internal and external stakeholders with a highly effective, transparent methodology for reducing IT-related risk while increasing operational efficiencies and decreasing time to compliance. Founded in 2005, Agiliance is headquartered in San Jose, California, and backed by Walden International, Intel Capital, SVIC, and Red Rock Ventures. For more information, please visit www.agiliance.com.

# # #

All trademarks, trade names, and/or product names are used solely for the purpose of identification and are the property of their respective owners.

Media Contact
Elizabeth Safran
Bottom Line Communications
408-348-1214
lizsafran@gmail.com