SAP and CA Technologies today announced a collaboration, bringing CA's knowledge of IT GRC -- managing risk and compliance around within IT security issues -- into the fold of SAP BusinessObjects GRC solutions.
From their press release:
"Most organizations manage their IT GRC separately from the rest of their GRC efforts; this increases cost and risk to the organization," said Dave Hansen, general manager, Management Products and Solutions and Security customer solutions units, CA Technologies. "Our work with SAP helps organizations remove the silos of GRC management by incorporating continuous monitoring of IT risk and compliance metrics into business process risk management."
Initial product focus is on continuously monitoring security, IT project and portfolio management, and assuring service performance. CA Enterprise Log Manager, CA Clarity™ PPM, and CA Wily Application Performance Management can provide content for the SAP® BusinessObjects™ Risk Management and SAP® BusinessObjects™ Process Control applications to map into the IT and business frameworks. This also helps continuously monitor these frameworks so that risk and compliance issues can be identified and mitigated proactively before events occur.
"With SAP's leadership in business applications and CA Technologies IT management leadership, our solution with CA Technologies provides a unique capability to integrate business and IT GRC," said Jim Dunham, group vice president, GRC Solutions, SAP. "By continuously monitoring controls across both the IT and the applications stack, GRC leaders now have the visibility they need to bring business relevance to IT GRC."
It's an interesting development to see, as most of SAP's push lately in the GRC arena has been more conceptual and forward thinking, typically around enterprise performance management (EPM) and sustainability, two hot topics in the industry. And while both are important, it's good to see a commitment to security/IT GRC as well.
Some of the improvements suggested -- the press release refers to "protecting business value" -- remind me of the post that I linked to in my last post, as well as my colleague Kristin Bent's recent post, all reflecting on how unforeseen risks can affect business issues beyond the immediate concern. (While BP's oil cap would not have been changed by better IT GRC, you can imagine similar circumstances in other industries.)
But SAP's fusion of some of the core concerns shown in security/IT GRC issues with some of the more forward-thinking parts of GRC is the way that leading companies and organizations are looking, and will surely be the model moving forward.