GRC: Going beyond IAM

GRC (Governance, Risk Management, Compliance) has become a major business driver for IT. That isn't surprising. Beyond the legal requirements of becoming compliant with specific regulations like SOX, Euro-SOX, Basel II or the German BDSG (Data Privacy Law), to name just a few, Governance is the overall guideline for managing any organization. Compliance and Risk Management (defining, measuring, and handling the risks) are the two major aspects of Governance. IT, on the other hand, provides the tools for efficiently achieving the targets of GRC initiatives. In addition, IT is itself a target for GRC initiatives because there are specific IT risks and compliance requirements. IT Governance is thus a major part of overall Enterprise Governance.

Over the last few years, we've seen a fast-growing number of tools that claim to support GRC or even to solve the issues organizations are facing in GRC. Some entirely new market segments, like Identity Risk Management, have evolved.

Interestingly, though not surprisingly, many of the tools in the GRC market deal with digital IDs. Business Role Management, i.e. assigning roles to users and, ultimately, granting access rights to roles, is one area of such tools. SoDs (Segregation of Duties), Attestation of access rights, and the entire Auditing space are others. Some specific GRC implementations even support the provisioning and de-provisioning of accounts in connected systems.

Simply put, you can't address the GRC requirements successfully without strong IAM backing. But GRC goes well beyond IAM, being a much more business-focused layer on top of the three main pillars of IT infrastructure, i.e. IAM, BSM, and SOA (as the commonly used synonym for the application infrastructure).

GRC is one of our most important research areas. This includes not only the specific applications for GRC, Identity Risk Management, or Business Role Management and SoDs, but also covers the GRC-relevant aspects of Enterprise Content Management and industry-specific GRC solutions.

© 2003-2008 Kuppinger Cole + Partner