Network World

Compliance platforms emerging, maturing

By James Kobielus, Network World, 03/06/2007

Compliance has been one of the dominant themes in the post-Enron age of corporate IT. Many software providers tout their offerings as solutions for complying with the Sarbanes-Oxley Act (SOX) and every other regulatory mandate, industry best-practices framework and corporate internal policy.

As a product segment, compliance has defied easy definition and been dominated primarily by point solutions. Compliance-related offerings range across many established niches, including business intelligence, corporate performance management, business process management, identity and access management, application security, change management, risk management, auditing and archiving.

However, over the past year, a new IT product segment has emerged — governance, risk and compliance (GRC) management — that integrates compliance point solutions into comprehensive, service-oriented architecture (SOA)-enabled enterprise suites. Fueling this trend is the growing realization that companies cannot have one stovepipe GRC management infrastructure for each mandate, but must leverage a single infrastructure across all initiatives. Each new investment in compliance-enabling technologies must integrate through SOA into the company’s core GRC management platform.

The most noteworthy recent development in GRC management was SAP’s late-2006 launch of a comprehensive, modular product platform to address a wide range of GRC requirements. Essentially, SAP validated GRC management as an important new enterprise software platform. At the same time, through its product announcements, the vendor has provided an architectural blueprint for the core GRC management functionality: monitoring, verification and optimization of business controls that have been expressed as structured workflows.

First and foremost, SAP provides a GRC management repository that centralizes compliance frameworks, mandates, policies and rules. It also provides a GRC process tool for modeling enterprise controls, executing the associated workflows and enforcing compliance. Its GRC platform includes a compliance dashboard, which provides a high-level rollup and enables detailed drill-down into key business risks across multiple enterprise levels, organizational entities, business processes and IT infrastructures. SAP’s platform enables automatic aggregation of enterprise business-process risks, provides supporting evidence of compliance, pinpoints control violations and enables prioritization of corrective action. It also includes collaborative tools, role-based views and configurable alerts to support operational enterprise risk management involving process stakeholders.
