Symantec unveiled Control Compliance Suite 9.0 at the Symantec Vision '08 user conference in Las Vegas. The GRC solution will help Symantec partners reach new customers and offer new regulatory compliance services, according to Norman Menz, managing director for Prevalent Networks, a Symantec partner in Warren, N.J.
"It's getting customers to realize that there are other ways to do this and there are better ways to do this," he said.
Symantec's announcement comes as skepticism about the GRC market is on the rise. Last month, in a post titled "GRC is Dead," security consultant and blogger Rich Mogull questioned if there is a real audience for GRC solutions. He also argued that most GRC features should be part of existing enterprise resource planning (ERP) and accounting software.
"GRC is a feature, not a product," Mogull wrote. "It's a reporting tool, not a new paradigm for doing business."
And last week, Burton Group vice president and research director Trent Henry asked in a blog why governance, risk management and regulatory compliance are even grouped together in the first place.
"Each function is deserving of its own, complete, and separate word," he wrote. "There's no organization in which compliance activities, risk management, and executive governance are rolled into a single person, group, or tool. No sense creating an acronym that implies it."
Symantec touts Control Compliance Suite 9.0 as the only software that can automate every aspect of the governance, risk management and regulatory compliance process, from interpreting regulations to fixing problems. It supports a range of applications, platforms and regulations, including the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS), said Jitesh Chanchani, Symantec's product management director for compliance and security management.
"A lot of customers today have manual processes that they use to manage compliance," Chanchani said.
Automating those processes can save time, reduce costs and complexity and increase accuracy for all aspects of compliance, he added. Manual data collection, for example, can be an arduous, error-prone process that customers have to repeat every time they want to look at new data, Menz said.
"We see a lot of customers doing manual data collection," he said. With Symantec's new GRC solution, "it becomes a repeatable and dependable process. It allows organizations to continually assess their IT compliance."
Symantec said it designed the suite to require little customization upon deployment. The bigger opportunity for Symantec partners is in helping customers use the software to develop a full governance, risk management and regulatory compliance strategy, Chanchani said.
"Our partners can provide a lot of value-added services, not just in the implementation," he said.
Control Compliance Suite 9.0 will be available in September, said Chanchani, who added, "We've got plans for a very extensive training program for partners leading up to the launch."