eGestalt Technologies SecureGRC Enterprise

Powered by SC Magazine
 

SecureGRC is a cloud-based automated IT security and compliance management solution.

 

SecureGRC supports both a security centric and full blown IT-GRC platform. The offering comes complete with an easy-to-use compliance-management framework, context-based inference engines, alert processing and easy-to-use logging and monitoring solution. The tool features easy-to-adopt and ready-to-use compliance management frameworks, as well as context-based inference engines. In addition, SecureGRC features alert processing along with logging and monitoring capabilities.

Available in Enterprise and SB (small business) editions, SecureGRC is a cloud-based, SaaS-delivered security and risk assessment, auditing and remediation application. It is generally sold through its reseller channels. All data is stored in a SaS 70 Type II secure data center and no electronic record information is removed from a client site.

SecureGRC contains ready-to-use compliance control kits for PCI-DSS 1.2, ISO 27001/27002, COBIT, Sarbanes Oxley, HIPAA/HITECH, Gramm-Leach-Bliley Act, and other country-specific frameworks. 

The tool provides real-time status on the current state of security and compliance and then offers a checklist of questions that guides the process along, asking for proof of documentation to fulfill the compliance request.

No prior knowledge of any particular compliance regulation is necessary in order to use SecureGRC. As a hosted solution, the interface is a web browser. Older browsers are not supported. The user interface is fairly easy to decipher with pull-down selections for customized assessments, controls, risk ratings and more. Users simply follow the application's list of instructions, upload the required documents and the system in the end will generate a report that can be presented to auditors to prove compliance. There is a substantial amount of prepopulated content around the regulatory and compliance standards listed above. Setup requires one to establish user accounts and provision them based on required levels of access. One then selects the templates needed for creating assessments from the list, customizes as necessary and publishes the assessment. Emails are sent to the users with their credentials for accessing the assessment questions.

There is a closed-loop review process where the auditor can ask for additional information to complete the assessment. Once this process finishes, the compliance reports are generated. One doesn't have to be highly technical to use the tool. There is a sensible knowledge base built in that dynamically displays key information relating to the areas one is clicking on.

Documentation is built into the product with a series of drill-down mouse clicks to get to help-related information on a specific topic. Support is delivered via channel partners so fees will vary. If the next version can add in asset management and IT risk correlation, this would be a great product to look at if you are looking for a hosted GRC solution.

Copyright © SC Magazine, US edition


eGestalt Technologies SecureGRC Enterprise
 
:
Overall Rating
Verdict:
Easy to buy, use and manage for questionnaire-driven risk assessments.
Product Info
Supplier:
 
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1079

Vote