March 18, 2022
In this post, Senior Practice Manager Kurt Reindl:
Practical guidance toward improving time-to-value and momentum in your risk and compliance digital transformation.
The temptation, or maybe misunderstanding, when considering the right technology to support your governance, risk and compliance/information risk management (IRM) program is to identify a tool that lets you simply import your current processes and make the tool succumb to your whims. Don’t do it.
I intentionally used the word “make” versus set up or configure, because too often we try to make the technology meet us when it should be the other way around. GRC tools, regardless of the provider, are not designed specifically for your program. Instead, they’re designed from an industry perspective based on standard use cases, current trends, competitor analysis, platform structure and the amount of product management R&D spend the vendor applies to keep the software updated.
I’m not the foremost authority on GRC technology, but I have learned a few hard lessons from the past 12 years of implementing GRC software. At a high level, I do know for certain that forcing these tools to mirror your processes will lead to:
Oh, and don’t forget your customer. End users, most commonly first and second line of defense team members, will be saddled with how workflow is designed and reporting structured based on decisions made during the implementation project. GRC tools should be a net efficiency gain for your organization. Define what efficiency gains you’re seeking and change your mindset to drive toward how the tool will change your approach and process for the better. If you buy a GRC tool, understand why you are buying it and what you expect to gain from it. Moving manual and inefficient processes to the tool versus adopting the capabilities of the tool will surely limit your success.
Now let me climb off my righteous, editorial soapbox and lean in with some helpful thoughts to optimize value in a reasonable period. Hopefully, this helps keep you out of harm’s way so you don’t get swept away with building your own system. The guiding principles below aren’t all-inclusive, but are based on the real experience of leading your organization through an effective GRC system implementation.
GRC tools can be powerful and effective in managing your compliance and risk posture. Companies building GRC software own the responsibility of keeping their tools current with customer needs in mind. Let them carry the burden and cost of making the product better (with your insight, of course). At the same time, avoid trying to build the perfect system because it may cost you in the long run.
Don’t let perfect become the enemy of good.