Press Release
Agiliance Announces Agiliance IT-GRC™, Industry’s First IT Governance, Risk and Compliance Solution
Agiliance IT-GRC™ Selected by Leading Global Companies to Manage IT Risk, Lower Security Compliance Costs
Mountain View, California, January 31, 2007 — Agiliance, a leading provider of IT Governance, Risk and Compliance (IT GRC) solutions, today unveiled Agiliance IT-GRC™, the first integrated platform designed to manage the interdependent disciplines of information technology governance, risk and compliance management. Unlike generic GRC solutions, this is specifically designed for Information Security organizations that have initiatives to reduce IT security risk and lower the cost of multi-regulatory compliance, while leveraging standards such as ISO 17799/27001, COBIT-4, FFIEC and NIST SP800-53.
Agiliance IT-GRC is an innovative, comprehensive solution that enables global enterprises to define and manage security policies, measure and manage risk, use standards and automation to lower costs, and achieve sustainable compliance with multiple regulations, industry mandates and internal policies.
“Through 2011, companies that pursue an integrated strategy of a risk-oriented approach to compliance, standardization of controls and automation will reduce the scope of manual process controls by 70 percent and will get the most collateral business value from their compliance investments,” according to a Gartner report (The 2006 Planning Guidance for Compliance: Risk-Orientation, Standardization and Automation, by French Caldwell, Christine Adams, Tom Eid).
Need for an IT GRC Platform
Analysts and industry thought-leaders agree that Governance, Risk and Compliance are closely coupled and best managed with an integrated GRC platform. General-purpose GRC platforms, however, are ill-suited to meet the specific needs for IT security risk and compliance management. Agiliance is the first to deliver a purpose-built IT GRC platform that supports the key IT concepts of assets, information security, technical controls, automated testing and IT standards.
Agiliance IT-GRC unifies the management of the three interrelated disciplines in a single powerful product:
- IT Governance, at the strategic level, is where corporate objectives and policies are set with respect to acceptable levels of risk and to meeting specific industry mandates and government regulations. Agiliance IT-GRC provides all the necessary facilities for security policy definition and lifecycle management as well as management of controls – all based on frameworks such as ISO 17799/27001, COBIT-4, FFIEC and NIST SP800-53.
- IT Risk Management focuses on assessing and managing security and compliance risk. Agiliance IT-GRC implements a robust security risk assessment workflow and quantifies risk by integrating the effectiveness of controls, relevant threats and vulnerabilities, and the potential impact of a security breach on business performance.
- IT Compliance Management, at the more tactical level, ensures that appropriate actions are being taken to execute on Governance objectives and policies based on stated risk tolerance. As the only solution that seamlessly integrates survey-based and automated monitoring, Agiliance IT-GRC tests and enforces technical and business controls to mitigate risk, ensuring that internal policies as well as industry and regulatory requirements are satisfied.
“Security, Compliance and IT Risk Management initiatives may be owned by different organizations but leverage the same underlying processes,” said Ken Newman, Vice President Security at American Savings Bank. “Each one requires IT-governance based policies and controls which are ideally based on standards such as COBIT and FFIEC, and each requires ongoing assessment and remediation. In addition, security and compliance are an integral aspect of a company's risk picture. An integrated offering significantly decreases costs and redundancy, improves collaboration between departments, and discourages organizational silos. We found the Agiliance IT-GRC platform to be the first solution that integrates these disciplines effectively in a compelling fashion.”
“We are honored to be working with leading organizations for their IT Risk Management and Compliance initiatives,” said Pravin Kothari, founder and CEO of Agiliance. “The future belongs to solutions that bring security policy management, standardization of controls, compliance and risk management together into one integrated and automated framework – IT-GRC. While various first generation solutions currently used in the industry only solve a part of the problem, Agiliance now delivers a complete solution.”
Quantifying and Managing Risk for Better Governance
Most organizations understand the benefit that risk metrics provide in making more informed decisions, including for security and compliance management. Many, however, lack well defined methodologies based on standards such as COSO ERM or NIST SP800-30. Risk assessment, when performed, is commonly done by sending surveys to process owners via email and responses are consolidated in Excel spreadsheets. This manual approach takes inordinate amounts of time to complete and the results are error-prone and unreliable. Moreover, such a labor-intensive approach cannot scale, forcing the organization to assess risk on a small subset of their assets on a less frequent basis.
Leading analysts agree on this issue. “The regulatory and controls environment is so complex that, absent technology, maintaining an ongoing program for the assessment and mitigation of regulatory and other risks is not feasible,” according to a Gartner Group report (How to Implement a Risk-Oriented Approach to Compliance, French Caldwell and Paul Proctor, August 2006).
Agiliance IT-GRC addresses this issue head on. It implements a best-practices standards-based risk assessment and management methodology. It replaces labor-intensive manual risk assessment surveys with automated processes and a workflow that supports management escalation and exception request handling. Agiliance’s advanced risk analysis and correlation engine generates high-quality risk scores that integrate all relevant security, threat, vulnerability and incident information, including information generated by 3rd party security tools customers have deployed. Agiliance associates controls and compliance status with risk metrics. Should a control fail, Agiliance increases the risk score of the affected assets and propagates the risk to the risk scores of all dependent business processes. These capabilities enable the organization to assess risk on a very large pool of their assets on an ongoing basis.
Achieving and Maintaining Sustainable Multi-Regulatory Compliance
In addition to internal policy objectives, IT organizations are subject to an ever increasing number of government regulations such as Sarbanes-Oxley (SOX) 404, GLBA and HIPAA, and to various industry mandates such as FFIEC, PCI or ITIL and more. Analyst surveys reveal that most organizations handle multiple regulations as independent projects, entrusting them to separate teams. While effective in meeting compliance, this silo approach is hugely inefficient because of the very large overlap between many regulations and industry standards. A silo approach to compliance results in many redundant controls, unnecessary complexity and, of course, bloated compliance costs.
Agiliance IT-GRC helps customers eliminate silos through the implementation of a common control framework based on standards such as ISO 17799/27001, COBIT-4, NIST SP800-53 and others. Common controls allow customers to test once, certify many mandates. The Agiliance platform ships with a vast content library of best-practices policies and controls, mapped to all major regulations and industry standards. Users can take advantage of the pre-defined policies and controls to quickly and easily implement a robust, standard-based, cost-effective compliance model that meets internal objectives and satisfies regulators.
Agiliance also allows users to automate the deployment, monitoring and enforcement of policies and controls for assets that can be automated, which includes most computing assets. By enabling automation, users can further reduce risk and cost, and transition to continuous sustainable multi-regulatory compliance.
Full Visibility Across the Global Enterprise
Global enterprises spend millions of dollars on a multitude of fragmented compliance and information security programs. While each may be effective, executive management often lacks a consolidated view of the organization’s overall risk and compliance posture, and cannot tell how the many isolated efforts align in achieving high-level goals and business objectives.
Agiliance IT-GRC provides the visibility that empowers management to act and make more informed decisions. Agiliance rolls up lower-level metrics to generate high-quality, consolidated risk and compliance scores for any level of aggregation. Executive dashboards provide instant and full visibility into the relative IT risk and compliance posture and trends for divisions, business units, geographies and the whole organization. With this information, management can track risk and compliance levels against the organization’s risk tolerance and focus attention on risk that matters most to business.
In addition to enhancing executive governance with aggregated risk and compliance metrics, Agiliance IT-GRC fully addresses the needs of internal auditors, risk analysts, security and compliance managers. Agiliance IT-GRC dashboards and reports can be defined based on user roles, and users can drill down to any desired level of detail. Reports mapped to specific regulations and standards can be generated on demand and used as evidence for internal or external audits.
Availability
Agiliance IT-GRC is generally available.
About Agiliance
Agiliance offers the most comprehensive and scalable solution for managing the interdependent disciplines of governance, risk, and compliance. Its flagship product, Agiliance IT-GRC, enables businesses to develop a holistic view of their IT risk and compliance posture in order to make more informed decisions that improve operational efficiencies and reduce IT related risk.
The Agiliance IT-GRC platform is the first solution that combines a robust common control framework with sophisticated policy management, automation of the assessment process, integration with existing configuration systems, and process workflow capabilities, delivering internal and external stakeholders with consistent, reliable data in an intuitive manner to ensure cohesive ongoing GRC management.
Founded in 2005, Agiliance is headquartered in San Jose, California and is backed by Walden International, Intel Capital, SVIC, and Red Rock Ventures. For more information, please visit Agiliance at www.agiliance.com.
# # #
All trademarks, trade names, and/or product names are used solely for the purpose of identification and are the property of their respective owners.
Media Contact
Elizabeth Safran
Bottom Line Communications
408-348-1214
lizsafran@gmail.com
