You can import and export IT GRC information (including programs, control objectives, and control activities) to and from the IT GRC Process Management Pack using the IT GRC Process Management Pack Excel Client add-in. The following table lists the usage scenarios for the Excel Client add-in.

Scenario

Description

Perform bulk updates to IT GRC information

Allows you to make bulk updates to IT GRC information. For example, assigning an owner to multiple control objectives.

Create new IT GRC information

Allows you to create new IT GRC information interactively or from other sources, such as Microsoft Excel® spreadsheets. This allows you import IT GRC information from other systems or sources of IT GRC information.

Performing Updates to Existing IT GRC Management Information

You can make updates to existing IT GRC management information using the IT GRC Process Management Pack Excel Client add-in. You can make updates to individual items or you can perform bulk updates to any number of items in the IT GRC management information, including programs, control objectives, and control activities. After you make the modifications in Excel, the Excel Client add-in automatically updates the information in the System Center Service Manager CMDB.

Perform bulk updates to an existing IT GRC management program using the following table and instructions.

Information needed

Value

Program

Credit Card Processing Compliance Program

<control_objective>

System hardening through configuration management

Owner

User account to be configured as the owner of the control objective

<assigned_to>

User account to be configured as the assigned to of the control objective

To perform bulk updates using the IT GRC Process Management Pack Client add-in

  1. Click Start, click All Programs, click Microsoft System Center, click Service Manager 2010, and then click Service Manager Console.

    The System Center Service Manager Console starts.

  2. In the Service Manager Console, in the Navigation pane, click Compliance and Risk Items.

  3. In the Compliance and Risk Items pane, go to the All Compliance and Risk Items/All Compliance and Risk Items/Program Management/All Programs location.

  4. In the Results pane, select <program> (where program is the name of the program that you want to edit).

  5. In the Tasks pane, click Open Program in Excel.

    Microsoft Office Excel 2007 starts and loads the program and other GRC information in the spreadsheet.

  6. In Excel, click the Control Objectives worksheet tab.

  7. Record the values in the ID and Title columns of the control objective.<user_name> (where control_objective is the name of the control objective you want to update, user_name is the name of the user that you wish to make the owner of the control objective, and domain_name is the domain where the user account is located).

    Tip
    You can locate the control objective by searching for part of the objective name using the Find feature in Excel.

  8. In the Control Objectives worksheet, in <control_objective>, in the Assigned to column, click the button to select <domain_name>.<user_name>.

  9. Record the values in the ID and Title columns of the control objective.

  10. On the Ribbon, click the SM tab.

  11. On the SM tab, click Publish.

    The Client add-in publishes the updated control objectives to System Center Service Manager. After the updated control objectives are published, the Publish Results dialog box appears.

  12. In the Publish Results dialog box, review the published control objectives, and then click OK.

    The Client add-in refreshes the IT GRC management information and displays the refreshed information.

  13. In the Service Manager Console, in the Compliance and Risk Items pane, go to All Compliance and Risk Items / Control Management / All Control Objectives.

  14. In the Results pane, click All Control Objectives.

  15. In the Details pane, click <control_objective> (where control_objective is the control objective you modified in step 7 and step 8).

  16. In the Tasks pane, click Edit.

    The Control Objective form opens.

  17. In the Control Objective form, notice that the values in Owner and Assigned To are set to the values you selected in step 7 and step 8.

  18. Close all open windows and dialog boxes.

Creating New IT GRC Management Information

You can create new IT GRC management information using the IT GRC Process Management Pack Client add-in. You can create individual items or you can create any number of IT GRC management information items, including programs, control objectives, and control activities.

Create new IT GRC management control objective using the following table and instructions.

Information needed

Value

Program

Credit Card Processing Compliance Program

<IT_GRC_item_type>

Control Activities

<control_activity_title>

Post IT GRC policy information on bulletin boards in all cafeterias and kitchens.

<control_activity_description>

Necessary to post IT GRC policy information on bulletin boards in public gathering places so that employees are informed of the changes.

<control_activity_procedure type>

Manual

<control_activity_type>

Policy(PCA)

Owner

User account to be configured as the owner of the control activity

<assigned_to>

User account to be configured as the assigned to of the control activity

To create new IT GRC management items using the IT GRC Process Management Pack Client add-in

  1. Click Start, click All Programs, click Microsoft System Center, click Service Manager 2010, and then click Service Manager Console.

    The System Center Service Manager Console starts.

  2. In the Service Manager Console, in the Navigation pane, click Compliance and Risk Items.

  3. In the Compliance and Risk Items pane, go to the All Compliance and Risk Items / Program Management / All Programs location.

  4. In the Results pane, select <program> (where program is the name of the program that you want to edit).

  5. In the Tasks pane, click Open Program in Excel.

    Microsoft Office Excel 2007 starts and loads the program and other GRC information in the spreadsheet.

  6. In Excel, click the <IT_GRC_item_tab> (where IT_GRC_item_tab is the tab that relates to the type of IT GRC item that you want to create).

  7. In the <IT_GRC_item_tab>, go to the last row on the tab.

  8. In the first empty row after the existing information, enter the appropriate information for the new IT GRC item.

  9. On the Ribbon, click the SM tab.

  10. On the SM tab, click Publish.

    The No Relation dialog box might display if you did not associate the item with other IT GRC items.

  11. In the No Relations dialog box (if displayed), click Yes.

    The Client add-in publishes the updated control objectives to System Center Service Manager. After the updated control objectives are published, the Publish Results dialog box appears.

  12. In the Publish Results dialog box, review the published control objectives, and then click OK.

    The Client add-in refreshes the IT GRC management information and displays the refreshed information. Record the values in the IT and Title columns of the new IT GRC item.

  13. In the Service Manager Console, in the Compliance and Risk Items pane, go to All Compliance and Risk Items / Control Management / <IT_GRC_item_type> (where IT_GRC_item_type is the type of IT GRC item that you are creating).

  14. In the Results pane, click All <IT_GRC_item_type>.

  15. In the Details pane, click <IT_GRC_item> (where IT_GRC_item is the IT GRC item you created in Step 8).

  16. In the Tasks pane, click Edit.

    The edit form for the IT GRC item opens.

  17. In the form, notice that the item is configured to the values you selected in step 8.

  18. Close all open windows and dialog boxes.