Information Technology Reference
In-Depth Information
GRC is an acronym for governance, risk management, and compliance. The IT GRC Process
Pack allows you to provide automated compliance management through the System Center
suite. The System Center Process Pack for IT GRC allows you to manage IT operations and in-
formation management; it does not include other governance, risk management, and compli-
ance functionality for other areas such as organizational accounting and business operations.
A control objective is a desired state result that has been met through risk assessment. For
example, a control objective might be that user accounts of contract workers have an expiry
date. This objective might have been selected after risk analysis found that some contractors
had network access after their contract term finished. Control activities allow control objec-
tives to be accomplished.
The System Center Process Pack for IT GRC uses the following System Center segments:
■
Service Manager
This hosts the System Center Process Pack for IT GRC and allows
you to run the controls and activities that are necessary to meet control objectives. The
System Center Process Pack for IT GRC requires that Service Manager be configured
with the Active Directory, Operations Manager, and Configuration Manager connec-
tors.
■
Service Manager data warehouse
This allows you to generate compliance and risk
reports to audit and review compliance information. It is required for System Center
Process Pack for IT GRC reporting.
■
Configuration Manager site server
Configuration Manager provides configuration
drift reporting. Configuration drift occurs when a computer's configuration changes
from those specified in a desired configuration baseline. It requires the deployment of
Configuration Manager agents on monitored computers.
■
Operations Manager
This manages alerts generated when computers drift from the
desired configuration baseline. It requires the deployment of the Operations Manager
agent on to monitored computers.
You install the System Center Process Pack for IT GRC on to the Service Manager server.
After you have the Process Pack, run the MpSyncJob to synchronize Service Manager with the
data warehouse. Then import the IT Compliance Management Libraries into Service Manager
and the desired Configuration Management configuration items and baselines into Configu-
ration Manager.
MORE INFO
SYSTEM CENTER PROCESS PACK FOR IT GRC
You can learn more about the System Center Process Pack for IT GRC at
http://technet.
When implementing a compliance program, it is occasionally necessary to configure pro-
gram exceptions. You create exceptions for services or servers that cannot be made compliant
with control objectives. You can create the following exception types:
