SecZone
Governance, Risk, and Compliance

The Business and IT Challenge

Governance, risk, and compliance is a constant concern for enterprises that must keep up with changes in the global regulatory environment and industry standards. As enterprises adopt new business models, establish new partner relationships, and deploy new technologies, they must also quickly assess the impact of these developments on their existing compliance obligations and risk posture. For critical processes, enterprises must be able to continuously monitor and detect failing controls, especially between assessment periods. They must detect emerging risks and adjust controls and policies accordingly. Compressing the time to monitor, detect, and assess changes to the risk and compliance posture is only one side of the equation. Once a decision is made, enterprises must orchestrate and automate the appropriate remediation and risk treatment actions across business and IT processes.

The zone.sd Solution
zone.sd Governance, Risk, and Compliance (GRC) transforms inefficient processes across your extended enterprise into a unified GRC program built on the zone.sd platform. Through continuous monitoring, prioritization, automation, and a deep connection with the zone.sd platform, you can effectively respond to real risks in real time. The GRC suite comprises four applications:

• Risk Management - Detect and assess the likelihood as well as business impact of an event, and respond to critical changes in risk posture between assessments
• Policy and Compliance Management - Automate best practice lifecycles, unify compliance processes, and provide assurances around their effectiveness
• Audit Management - Scope and prioritize audit engagements using risk data and profile information to eliminate recurring audit findings, enhance audit assurance, and optimize resources around internal audits
• Vendor Risk Management - Institute a standardized and transparent process to manage the lifecycle for risk assessments, due diligence, and risk response with business partners and vendors
Define a Governance Framework and Test Compliance Controls

zone.sd GRC helps manage your governance framework, including policies, laws and regulations, and best practices in one system, and maps them to controls. Once defined, you can automate repetitive processes, even across functional groups. GRC customers can identify relevant business, risk and IT owners, and systems, and automate the manual cross-functional processes for policy lifecycle management and compliance testing to identify non-compliant controls, respond to issues, or effectively scope a GRC engagement. The unique capabilities of our platform eliminate errors and inefficiencies associated with emails, phone calls, and in-person meetings. Additionally, using the built-in GRC Attestation Designer, you can create and execute tests and attestations that are specific to a policy statement. This eliminates errors during evidence data collection and mitigates the need to manually reconcile test results and metrics.
Create a Risk Register and Automate Risk Assessments

zone.sd GRC helps identify and manage risks in a single register. Self-assessments can be scheduled to collect information about existing and emerging risks, and the accuracy of controls. GRC combines asset- and process-centric risk methodologies to determine qualitative and quantitative risk scores, which are informed by service performance data with the business impact derived from the configuration management database (CMDB). This allows you to accurately gauge your risk exposure in real time. There is a consistent process for automatically creating and responding to issues, reducing remediation time from weeks to only minutes.
Implement Real-Time Monitoring

zone.sd GRC identifies non-compliant controls, monitors high-risk areas, and manages the Key Risk Indicator (KRI) and Key Performance Indicator (KPI) library with automated data validation and evidence gathering. To complement existing GRC capabilities, we provide out-of-the-box integration with Performance Analytics for GRC, which uses PA indicators and thresholds as another means to detect failing critical controls between assessments. Interactive real-time dashboards provide overviews of your risk and compliance posture and audit activities. The role-based dashboards in the GRC Workbench allow you to view status updates, priorities, and tasks associated with GRC engagements. Dependency modeling uses CMDB information to show upstream and downstream relationships across entities, so you can visualize the business impact of a control failure throughout the enterprise.
Assess Vendor Risk

zone.sd GRC provides the ability to more easily manage and assess vendors. The time savings with Vendor Risk Management allow you to assess additional critical vendors. Portfolio management capabilities allow you to consolidate vendors into a single vendor catalog. Through the assessment designer and built-in questionnaires, you can more easily assess vendors and obtain better quality data, to more accurately organize vendors into tiers and track changes over time. Vendor risk is based on risk scores, which are dynamically generated, updated in real time, and stored in the vendor catalog. The vendor portal consolidates communication and enables collaboration with your vendor and between your vendor and his/her response team—replacing email and phone calls. Scheduled assessments and automated notifications and escalations ensure you stay on top of activities.

Learn more at