Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

MetricStream, CrossIdeas Solution Enhances GRC Effectiveness

GRC Announcements | November 9, 2011

MetricStream, a governance, risk, and compliance solutions provider, and CrossIdeas, a provider of identity and access governance solutions to large multinational companies, has announced a new integrated solution that helps organizations enhance the effectiveness of GRC programs using Segregation of Duties (SoD) controls.

MetricStream Solution's integration with CrossIdeas ensures companies have robust internal controls to realize their business objectives while managing their risk exposures to financial, operational and reputational losses. The integrated solution helps organizations:

  • Minimize conflict of interests and human errors in business processes
  • Improve visibility and enforcement for policies across the enterprise
  • Promote management accountability for user authorizations
    Incorporate continuous controls monitoring
  • Reduce risk of frauds; and
  • Improve cost efficiency and time for compliance.

CrossIdeas Identity & Access Governance suite (IDEAS) offers native support for modeling SoD conflicts with an innovative activity-based approach, which allows organizations to:

  • Define conflicting business activities;
  • Manage policies;
  • Identify all possible combinations where conflicts of interest and incidents of unauthorized access are likely to occur
  • Assign permissions to users based on these combinations; and
  • Warn managers wherever conflicts arise.

In case of incidents, immediate remedial action is initiated by assigning investigative responsibilities to the appropriate personnel. Automatic email alerts ensure that action plans are carried out to closure.

MetricStream GRC Solution collaborates with CrossIdeas IDEAS to automatically import data from the various infrastructural elements, as well as incidents including SoD conflicts, policy non-compliance, associated risks and other related user identity and access governance information in real-time. The collaboration between the two solutions allows automatic activation of necessary workflows and tasks within MetricStream GRC Solution. This provides advanced capabilities that ensure that proper risk and compliance assessments are conducted, controls and action plans are created and remediation tasks are executed.