Overview

Agiliance IT-GRC is the first “purpose-built” software platform to provide top down visibility into all IT risk and compliance functions using data gathered from throughout the organization. Agiliance IT-GRC overcomes limitations due to information silos and fragmented responsibilities for measuring risk and enforcing compliance.

Agiliance IT-GRC 3.0

IT GRC Engine

Agiliance IT-GRC 3.0 software platform is offered in two editions:

  • IT-GRC Enterprise Manager 3.0 – for enterprises needing a foundation for automated IT GRC, Manager provides out-of-the-box, easy-to-deploy solutions including Risk Assessments, Policy and Compliance Management, and Vendor/Partner Assessments. Key features include:

    • The Agiliance Managed Asset Repository, which stores all monitored assets (including IT servers, applications, processes, vendors/partners, or other elements of business operations as needed), provides automated reconciliation of data gathered from E-Surveys and Agiliance Connectors.

    • Agiliance Common Control Framework – providing automated mapping of every major regulatory and mandate requirement for standard and custom controls, encompassing the widest available set of regulations (SOX, HIPAA, GLBA, FISMA, and others), industry mandates (PCI, SAS70, FFIEC, and others), and standard control frameworks (ISO17799/27002, NIST, COBIT, and others).

    • The Agiliance Operational Risk Management Engine, providing operational risk scoring of controls down to the sub-control level across all 10,000+ controls in the Common Control Framework.

    • Agiliance E-Survey Engine for conducting risk and compliance assessments both inside and outside the organization.

    • Agiliance Connectors and Open Connector Architecture, providing automated, agentless data gathering from and bi-directional communication with the widest range of network security and change management sources in the industry, including scanners, SIM/SEMs, directories, CMDBs, Identity Management systems, Segregation of Duty, and other systems.

  • IT-GRC Enterprise Suite 3.0 – for enterprises anticipating larger-scale risk and compliance programs, Suite delivers all Manager 3.0 features but with a larger number of monitored assets, vendor and partner assessments, and automation connectors.

Value Added Modules – Leveraging Risk Management and Automated Controls

Agiliance IT-GRC provides the most comprehensive risk management engine available today. In addition to the Operational Risk Management engine included in the Manager and Suite products, it includes:

  • Key Risk Indicator (KRI) Module – for enterprises seeking to identify and monitor KRIs for their IT function and beyond, KRIs available from the Risk Management Association (RMA) and other sources enable rapid identification of what matters most and the means to monitor it easily.

  • Enterprise Risk Management (ERM) Module – for enterprises seeking to anticipate potential threats using COSO or AS/NZS 4360 standards and to apply and monitor controls to address identified threats to the IT function or organization.

  • Controls Automation Module – for enterprises seeking to address SOX, PCI and other requirements for application controls including ERP and financial applications, as well as IT systems compliance including databases and operating systems.

Agiliance IT-GRC 3.0 allows enterprises to:

  • Calculate business risk and return on investment associated with the application of controls to protect critical information and network operations in terms of confidentiality, integrity, and availability (CIA) as well as broader threats such as loss of business reputation or the risk-costs associated with mergers and acquisitions.

  • Dramatically lower the cost of compliance and internal audits by as much as 70% to 80% through the use of automated surveys, data collection, report generation, project management monitoring and intervention, mitigation prioritization, “testing once to comply with many” regulatory requirements, and other automation benefits.

  • Establish resilient common controls for the organization, based on industry-standard frameworks, best practices, and unique internal requirements, that can be updated and managed over time.

  • Discover and define critical assets and related information for the organization.

  • Identify threats and vulnerabilities associated with critical assets and determine the controls necessary to mitigate future threats.

  • Scale assessments into the thousands of assets over time, as necessary to comply with ever-expanding compliance requirements, business expansion, and other drivers for greater IT risk coverage.

  • Provide top-down visibility into the risk and compliance process using custom dashboards and reports specific to the organization's unique needs for understanding risk tolerance, assessment status, ROI, and answers to the questions:

    • How much risk is too much?
    • How much investment in compliance and security is enough?
    • How much leverage from existing security and network management tools is enough?