IT GRC Process Management Pack Operations Guide

This guide describes how to manage information technology governance, risk management, and compliance (IT GRC) using the IT GRC Process Management Pack, a Process Management Pack for Microsoft® System Center Service Manager 2010 that helps you manage compliance for client and server computers in your organization.

Note
If you are unfamiliar with the terminology and concepts used in the IT GRC Process Management Pack, review the IT GRC Process Management Pack Getting Started Guide before continuing with this guide.

The IT GRC Process Management Pack helps automate end-to-end compliance management. Other Management Packs, such as the IT Compliance Management Library (CML) Management Pack, take advantage of System Center Service Manager’s integration with System Center Configuration Manager, System Center Operations Manager, or other systems to help automate the monitoring, validating, and reporting of the compliance state of deployed Microsoft products.

This guide is designed to help you evaluate the features and capabilities of the IT GRC Process Management Pack. The following list provides brief descriptions of each section in the guide.

Implementing IT GRC Management Programs. This section helps you identify the key implementation scenarios and how to configure the Process Management Pack for IT GRC control management, which includes:

Implementing an IT GRC Control Management Program using Predefined Control Objectives and Control Activities. This section helps you implement an IT GRC control management program using predefined control objectives and control activities.
Automating an IT GRC Management Program. This section helps you automate an IT GRC management program using System Center products and custom scripts.
Managing Risks with an IT GRC Program. This section helps you add risks to an IT GRC management program.
Viewing IT GRC Information Using Reports. This section helps you run the reports that are included as a part of the IT GRC Process Management Pack.
Exporting and Importing IT GRC Management Information. This section helps you use the Microsoft Client add-in to export information from and import information into the IT GRC Process Management Pack.
Appendix. This section provides additional details for using the IT GRC Process Management Pack.

The following figure illustrates the components used to manage IT GRC information using the IT GRC Process Management Pack and System Center Service Manager 2010.

Style Conventions

This guidance uses the style conventions that are described in the following table.

Element	Meaning
Bold font	Signifies characters typed exactly as shown, including commands, switches, and file names. User interface elements also appear in bold.
Italic font	Titles of books and other substantial publications appear in italic.
<Italic>	Placeholders set in italic and angle brackets <Italic> represent variables.
`Monospace font`	Defines code and script samples.
Note	Alerts the reader to supplementary information.

Intended Audience

This guidance is intended for the following audience:

Compliance program manager. Users in this role are responsible for the management of IT GRC programs within their organizations and helps ensure that the organizations are in compliance with authority document citations.
Compliance program implementer. Users in this role are responsible for the management of control objectives, control activities, and risks, and are also responsible for managing the day-to-day tasks, such as performing control activity compliance tests or updating risk information.