Agiliance IT-GRC Overview
Agiliance IT-GRC, the Leading Platform for Integrating IT Governance, Risk and Compliance
Agiliance is first to deliver an integrated IT Governance, Risk and Compliance software solution.
The Agiliance IT-GRC platform was designed, from the ground up to help IT organizations:
- Define, deploy and manage security policies aligned with corporate goals and objectives
- Measure and manage IT risk in accordance with the company's risk tolerance
- Achieve and maintain compliance with internal policies, industry mandates, applicable regulations
- Focus risk that matters and significantly reduce compliance costs
Quantifying and Managing Risk, the Foundation of IT Governance
The Agiliance IT-GRC software platform leverages an integrated architecture for risk, security and compliance management.
Through high-level executive dashboards and reports it provides full and continuous visibility into the IT risk and compliance posture of the organization
Agiliance's standards-based risk assessment and analysis engine quantifies security risk for all information assets and business processes. With Agiliance any control failure translates into an increase in the risk score of all affected and related assets and processes. Conversely, users can see risk scores decrease when they deploy new mitigating controls.
Agiliance rolls up lower-level metrics to generate single consolidated risk and compliance scores for any type and any level of aggregation: business processes, functional groups, business units, geographies, and the global organization.
High-level risk scores empower management to make more informed decisions, track IT risk levels against the organizations’ risk tolerance. Quantitative risk metrics help business process owners be accountable by enabling them to focus risks mitigation efforts on processes that matter most to the business.
Unifying the Silos of IT Risk and Compliance Management
Deploying the Agiliance IT-GRC platform can dramatically reduce the cost of achieving and maintaining compliance for organizations that are subject to many regulations and industry mandates..
Agiliance is helping companies which still use a tactical siloed approach to multi-regulatory compliance, transition to a holistic compliance strategy. This strategy takes a risk-based approach and implements a common policy and controls set based on industry standard frameworks.
The benefits are the elimination of many overlapping controls, reduced complexity, increased controls reliability, measurably lower compliance costs, in short, enhanced business performance. In simple terms, common controls means: test once, certify many.
Leading analyst firm Gartner reports that such a risk-based approach, combined with the implementation of a common standard control framework, results in a 30 to 70 percent reduction in the number of controls and associated compliance costs.
More Accurate Risk and Compliance Information
Agiliance is the only vendor to support the full scope of IT compliance management: people, processes and technology.
The Agiliance IT-GRC platform is also the only platform that integrates automated and survey-based mechanisms.
A common policy and controls set can be defined and used for both. Agiliance continuously calculates integrated risk and compliance scores that use the latest information available, whether it is the result of surveys sent to process owners or the result of continuous automated monitoring.
Agiliance risk and compliance scores are inherently more accurate than those obtained from either method alone.
Cost-Effective Automated Surveys and Automated Continuous Monitoring
Traditional risk and compliance assessments rely on surveys, typically performed annually by emailing a questionnaire to process owners. Agiliance simplifies and fully automates the survey creation and execution process. Customers report that Agiliance has dramatically reduced survey response errors, increased response quality, saved much time and cost. With Agiliance users can increase survey frequency, and thus identify and react more quickly to deviations and compliance violations, without incurring large additional costs.
More importantly, the risk assessment and compliance monitoring of many IT assets can be fully automated. This is particularly true for configuration management. With automation, customers can reap huge benefits: sustained compliance and dramatically lower costs. Agiliance can help customers transition from survey-based to automated continuous monitoring.
Broad Regulatory Coverage
Agiliance ships with a best-practices library of policies and controls mapped to the major standards-based frameworks (e.g. ISO 1799/27001, COBIT, NIST or FFIEC), to all key government regulations (e.g. Sarbanes-Oxley 404, HIPAA, GLBA and FISMA) and all industry mandates (e.g., SAS 70 and PCI). Agiliance specialists maintain and keep this library up to date for changes to existing regulations for new regulations. Customers who choose standards-based policies will experience the lowest cost impact when regulations evolve or when their industry becomes subject to additional regulations and mandates.
Ease of Adoption and Deployment
Agiliance IT-GRC is easy to set up. It requires no deployment of agents to monitor IT desktop and servers. A Wizard helps users quickly define a common controls set for multi-regulatory compliance, using built-in best practices policies and standards. Existing asset information is readily imported from existing sources such as Active Directory and most CMDBs and Agiliance will stay synchronized with the sources. Role-based management is supported, and access is from anywhere through a standard web browser. Agiliance demonstrates business value within hours of initial deployment.
Agiliance IT-GRC readily scales and can meet the needs of the largest organizations. It is an open system that was designed to leverage the many security and change management tools customers already have. It has full data import/export capabilities, is readily extensible and can be integrated with specialized or broader policy, risk and compliance management systems and tools.