This guide describes how you can use the Process Pack for IT GRC to help manage IT governance, risk management, and compliance (GRC) efforts in your organization. A process pack is a management pack for Microsoft® System Center 2012 - Service Manager that helps manage IT processes based on industry standards and best practices, such as Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). The Process Pack for IT GRC helps provide automated compliance management for client and server computers.
Compliance affects many organizations, both large and small. Regulatory requirements are a major driver for compliance. These requirements come from organizations such as the Securities and Exchange Commission (SEC) and the New York Stock Exchange (NYSE), from legislation such as Sarbanes-Oxley (SOX), and also from industry standards such as Payment Card Industry (PCI). However, even organizations that are not affected by regulatory requirements need to achieve compliance with their own organizational policies. Problems often arise when organizations initiate a compliance program because they may not be certain where to begin or how to automate the program using technology.
The Process Pack for IT GRC addresses this challenge through the use of compliance libraries. Compliance libraries provide controls used to help achieve compliance with IT GRC authority document citations that are maintained by international, government, or industry authorities. Other management packs, available from the Microsoft System Center Marketplace, contain the control activities and automation needed to take advantage of System Center Service Manager's integration with System Center Configuration Manager and System Center Operations Manager to monitor, validate, and report on the compliance state of deployed Microsoft products. Together, these solutions help customers understand and bind complex business objectives to their infrastructures.
This guide will help you understand the features and capabilities of the Process Pack for IT GRC. The following list provides brief descriptions of each section in the guide.
- IT GRC and Program Management Overview. This section helps you understand the IT GRC processes, terms, and roles used in IT GRC management programs.
- Managing Risks with an IT GRC Program. This section helps you add risk information to an IT GRC management program.
- Reporting IT GRC Information. This section helps you run the reports that are included as a part of the Process Pack for IT GRC.
- Managing Exceptions in IT GRC Programs. This section helps you understand the types of exceptions that can be requested and how they are managed.
- Exporting and Importing IT GRC Management Information. This section helps you use the Microsoft Client add-in to export information from and import information into the Process Pack for IT GRC.
- Appendix. This section provides additional details for using the Process Pack for IT GRC.
Style Conventions
This guidance uses the style conventions that are described in the following table.
| Element | Meaning |
| --- | --- |
| Bold font | Signifies characters typed exactly as shown, including commands, switches, and file names. User interface elements also appear in bold. |
| Italic font | Titles of books and other substantial publications appear in italic. |
| <Italic> | Placeholders set in italic and angle brackets <Italic> represent variables. |
|  | Defines code and script samples. |
| Note | Alerts the reader to supplementary information. |
| Important | Alerts the reader to essential supplementary information. |
Intended Audience
This guidance is intended for those whose roles include the following responsibilities:
- Implement and manage IT GRC compliance programs. These individuals will create and manage the IT GRC program within their organizations, work with internal and external auditors to define programs and expectations, ensure the correct compliance controls and control activities are included in the compliance program, manage pre-audit and audit activities, and assign compliance-related tasks to users in the form of work items and IT GRC incident tickets. Individuals who perform these tasks require the following user roles and permissions:
  - Member of the Compliance Program Manager user role in System Center Service Manager.
- Configure computers and assess IT GRC compliance. These individuals will configure the managed computers for compliance and collect the compliance results for IT GRC programs using automated and manual methods. Individuals who perform these tasks require the following user roles and permissions:
  - Member of the Compliance Program Implementer user role in System Center Service Manager.
  - Have sufficient permissions and privileges on the managed computers to configure the managed computers for compliance.
  - Have sufficient permissions and privileges on the managed computers to collect the compliance results from the managed computers.