eGestalt Technologies SecureGRC Enterprise

Powered by SC Magazine
 

SecureGRC is a cloud-based automated IT security and compliance management solution.

 

SecureGRC supports both a security centric and full blown IT-GRC platform. The offering comes complete with an easy-to-use compliance-management framework, context-based inference engines, alert processing and easy-to-use logging and monitoring solution. The tool features easy-to-adopt and ready-to-use compliance management frameworks, as well as context-based inference engines. In addition, SecureGRC features alert processing along with logging and monitoring capabilities.

Available in Enterprise and SB (small business) editions, SecureGRC is a cloud-based, SaaS-delivered security and risk assessment, auditing and remediation application. It is generally sold through its reseller channels. All data is stored in a SaS 70 Type II secure data center and no electronic record information is removed from a client site.

SecureGRC contains ready-to-use compliance control kits for PCI-DSS 1.2, ISO 27001/27002, COBIT, Sarbanes Oxley, HIPAA/HITECH, Gramm-Leach-Bliley Act, and other country-specific frameworks. 

The tool provides real-time status on the current state of security and compliance and then offers a checklist of questions that guides the process along, asking for proof of documentation to fulfill the compliance request.

No prior knowledge of any particular compliance regulation is necessary in order to use SecureGRC. As a hosted solution, the interface is a web browser. Older browsers are not supported. The user interface is fairly easy to decipher with pull-down selections for customized assessments, controls, risk ratings and more. Users simply follow the application's list of instructions, upload the required documents and the system in the end will generate a report that can be presented to auditors to prove compliance. There is a substantial amount of prepopulated content around the regulatory and compliance standards listed above. Setup requires one to establish user accounts and provision them based on required levels of access. One then selects the templates needed for creating assessments from the list, customizes as necessary and publishes the assessment. Emails are sent to the users with their credentials for accessing the assessment questions.

There is a closed-loop review process where the auditor can ask for additional information to complete the assessment. Once this process finishes, the compliance reports are generated. One doesn't have to be highly technical to use the tool. There is a sensible knowledge base built in that dynamically displays key information relating to the areas one is clicking on.

Documentation is built into the product with a series of drill-down mouse clicks to get to help-related information on a specific topic. Support is delivered via channel partners so fees will vary. If the next version can add in asset management and IT risk correlation, this would be a great product to look at if you are looking for a hosted GRC solution.

Copyright © SC Magazine, US edition


eGestalt Technologies SecureGRC Enterprise
 
:
Overall Rating
Verdict:
Easy to buy, use and manage for questionnaire-driven risk assessments.
Product Info
Supplier:
 
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  67%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 477

Vote