Governance, Risk and Compliance (GRC) Management is fast becoming the No. 1 topic of conversation in the enterprise identity field. Among the leaders in the space is San Jose’s Agiliance and I had the opportunity last week to chat with their new Vice President of Marketing, Patrick Kerans. 

<aside> Thanks to Liz Safran for bringing us together. I once called Liz the “punctuality-challenged, but always helpful PR princess,” but she was right on time with this one. And she’s a Red Sox fan. And she’s single, guys. </aside>

Kerans came to Agiliance from Counterpane Internet Security (now BT Counterpane), Bruce Schneier’s well-respected managed security company. He’s no stranger to the world of securing digital assets. And that’s generally how you can describe the GRC space – managing the organization’s digital assets in such a way that business gets done, regulations are complied with, and nothing that should be kept private is revealed.

Kerans was on the phone to let me know about the upcoming release of Agiliance IT-GRC 3.0. Well, “upcoming” at the time, but shipping now. He differentiated Agiliance’s offering from it’s competitors by talking about the new Enterprise Risk Management (ERM) module that enables organizations to model risk scenarios that encompass operational risks as well as traditional financial risks. 

In words only a Marketing VP could utter, he said: “By pulling opinions from multiple stakeholders via Web-based surveys and workshops, across multiple divisions and geographies, and integrated with automated IT risk data from underlying infrastructure, Agiliance IT-GRC 3.0 provides the holistic view and feature set required to implement effective Enterprise Risk Management programs.” That is, the service doesn’t rely on pre-packed data, or “sniffed and analyzed” packets but also actually involves the people who know the organization best to help design the GRC model that, in the end, is implemented.

It’s an interesting approach that requires the involvement of the business side of your organization. It might not be right for everyone, but if it is a good fit for you, then it will be a very good fit.

There’s a whole lot more to the product, of course, much more than we can review here so you’ll have to do that on your own. But it won’t be time wasted.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.