This guide describes how to manage information technology governance, risk management, and compliance (IT GRC) using the IT GRC Process Management Pack, a Process Management Pack for Microsoft® System Center Service Manager 2010 that helps you manage compliance for client and server computers in your organization.
|If you are unfamiliar with the terminology and concepts used in the IT GRC Process Management Pack, review the IT GRC Process Management Pack Getting Started Guide before continuing with this guide.|
The IT GRC Process Management Pack helps automate end-to-end compliance management. Other Management Packs, such as the IT Compliance Management Library (CML) Management Pack, take advantage of System Center Service Manager’s integration with System Center Configuration Manager, System Center Operations Manager, or other systems to help automate the monitoring, validating, and reporting of the compliance state of deployed Microsoft products.
This guide is designed to help you evaluate the features and capabilities of the IT GRC Process Management Pack. The following list provides brief descriptions of each section in the guide.
- Implementing IT GRC Management
Programs. This section helps you identify the key
implementation scenarios and how to configure the Process
Management Pack for IT GRC control management, which includes:
- Implementing an IT GRC Control Management
Program using Predefined Control Objectives and Control
Activities. This section helps you implement an IT GRC control
management program using predefined control objectives and control
- Automating an IT GRC Management
Program. This section helps you automate an IT GRC management
program using System Center products and custom scripts.
- Managing Risks with an IT GRC Program.
This section helps you add risks to an IT GRC management
- Viewing IT GRC Information Using
Reports. This section helps you run the reports that are
included as a part of the IT GRC Process Management Pack.
- Exporting and Importing IT GRC Management
Information. This section helps you use the Microsoft Client
add-in to export information from and import information into the
IT GRC Process Management Pack.
- Appendix. This section provides
additional details for using the IT GRC Process Management
The following figure illustrates the components used to manage IT GRC information using the IT GRC Process Management Pack and System Center Service Manager 2010.
This guidance uses the style conventions that are described in the following table.
Signifies characters typed exactly as shown, including commands, switches, and file names. User interface elements also appear in bold.
Titles of books and other substantial publications appear in italic.
Placeholders set in italic and angle brackets <Italic> represent variables.
Defines code and script samples.
Alerts the reader to supplementary information.
This guidance is intended for the following audience:
- Compliance program manager. Users in
this role are responsible for the management of IT GRC programs
within their organizations and helps ensure that the organizations
are in compliance with authority document citations.
- Compliance program implementer. Users
in this role are responsible for the management of control
objectives, control activities, and risks, and are also responsible
for managing the day-to-day tasks, such as performing control
activity compliance tests or updating risk information.