Hi all,
We are using GRC 12 and have Access control(AC), Risk analysis, EAM implemented.
Objective - We are looking to put in automated checks in GRC for critical transactions and authorizations so we can find any pitfalls in security design (much like everything what a data extraction auditing tool like ACE does) and also so we can be one step ahead of auditors and catch any issues on time.
1. Is there a way to achieve this objective through any of the functionality offered in access controls? Or do we have to buy process control (PC) for that?
2. Any other major differences between AC and PC and pointers on how to sell PC to management in terms of all the functionality it can achieve?
Thank you !!
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.