CA made news this week with updates across its security and management product portfolios, but the software maker's work in governance, risk and compliance management in particular caught one industry watcher's eye.

Among some eight new and updated products (see slideshow of new and update CA software here) CA released a new version of its GRC (governance, risk and compliance) Manager.

"What I like most about CA's GRC Manager is its [project and portfolio management] roots. Many risk and compliance initiatives take a lifecycle approach without clearly defined outcomes," says Scott Crawford, a research director at Enterprise Management Associates. "Project management (and PPM by extension) is very different from that in defining measurable objectives as well as key milestones, and I think this could be a substantial differentiator for CA, particularly as IT risk metrics are still evolving, and many efforts are long on input-based measures (number of configuration parameters defined, for example) and short on outcome-based measures such as risk management performance."

The software helps audit and IT professionals create, maintain and approve compliance policies. The application can define, manage and analyze key performance indicators as well as key risk indicators to help IT professionals measure current performance and risk levels. It also alarms IT to poor performance or potential risks triggered by thresholds and events.

Version 1.5 now includes policy management capabilities that include full policy lifecycle management, including creation, maintenance, approval and communication. GRC Manager 1.5 also now features automated testing and cost tracking for specific compliance programs such as Sarbanes-Oxley, HIPAA and others. CA also integrated the software with its new application CA Security Compliance Management. 

While CA came late to the game and could face tough competition in the GRC market from companies such as Symantec and IBM, putting PPM know-how to work here will benefit CA in the long run. CA's prowess in IT service management (ITSM) and service-level management (SLM) could also help the vendor catch up more quickly to competitors.

"ITSM and SLM are domains that specifically link business values and business input in defining measurable IT outcomes and could likely set meaningful precedents in IT GRC," Crawford says. "CA's strengths in IT management coupled with a PPM approach to this could be very influential on the evolution of the IT GRC market."

Denise Dubie is senior editor with Network World.