GRC for financial compliance

We are always talking about software asset management (SAM) as a means to cut costs and also keep up with compliance. For financial firms, SAM, combined with a Governance, Risk and Compliance (GRC) program are a necessity to keep those regulators happy. Many firms choose to use GRC software to automate the process should they get audited (which the frequently do) to have information at the ready. Here are some tips for those that are in need of a GRC program to track data and remain in compliance:

Location, Location – know where your important financial data resides, you will need to be able to map where your data is at all times and be sure to have a structure in place to track it. This can be done with network diagrams or even with a discovery tool.

Controls – controls and/or policies should always be in place to protect your data. Who has access and who does now also needs to be tracked. Create a repository, just like you would for your software assets, for your financial controls, policy documents and security configurations.

Log all activity – you need to track your systems vulnerabilities, know who is accessing what and when.

Process for mapping data – a good GRC software program should have an underlying workflow and project management engine that can link data to specific regulations. This way, multiple reports can be automatically generated, creating a central compliance reporting process.

Another thing to consider when shopping for GRC software is that not all organizations have the same needs; therefore, finding a solution that fits your business may be a larger task than the actually implementation. Keep in mind that there is a difference between compliance and security and both should be addresses as individual processes. Regulators will be looking for processes for both to be in place and therefore both needs should be addressed.