This guide describes how to manage information technology governance, risk management, and compliance (IT GRC) using the IT GRC Process Management Pack, a Process Management Pack for Microsoft® System Center Service Manager 2010 that helps you manage compliance for client and server computers in your organization.

Note
If you are unfamiliar with the terminology and concepts used in the IT GRC Process Management Pack, review the IT GRC Process Management Pack Getting Started Guide before continuing with this guide.

The IT GRC Process Management Pack helps automate end-to-end compliance management. Other Management Packs, such as the IT Compliance Management Library (CML) Management Pack, take advantage of System Center Service Manager’s integration with System Center Configuration Manager, System Center Operations Manager, or other systems to help automate the monitoring, validating, and reporting of the compliance state of deployed Microsoft products.

This guide is designed to help you evaluate the features and capabilities of the IT GRC Process Management Pack. The following list provides brief descriptions of each section in the guide.

The following figure illustrates the components used to manage IT GRC information using the IT GRC Process Management Pack and System Center Service Manager 2010.



Components used to manage IT GRC information

Style Conventions

This guidance uses the style conventions that are described in the following table.

Element

Meaning

Bold font

Signifies characters typed exactly as shown, including commands, switches, and file names. User interface elements also appear in bold.

Italic font

Titles of books and other substantial publications appear in italic.

<Italic>

Placeholders set in italic and angle brackets <Italic> represent variables.

Monospace font

Defines code and script samples.

Note

Alerts the reader to supplementary information.

Intended Audience

This guidance is intended for the following audience:

  • Compliance program manager. Users in this role are responsible for the management of IT GRC programs within their organizations and helps ensure that the organizations are in compliance with authority document citations.

  • Compliance program implementer. Users in this role are responsible for the management of control objectives, control activities, and risks, and are also responsible for managing the day-to-day tasks, such as performing control activity compliance tests or updating risk information.