Brabeion Adds Compliance Risk Scoring

Brabeion Software announces next-generation IT governance, risk and compliance management platform

Dark Reading Staff, Dark Reading

October 3, 2007

RESTON, Va. -- Brabeion Software, a leader in IT Governance, Risk and Compliance (IT GRC) Management, today announced the next generation of its groundbreaking IT GRC software platform, Brabeion IT Risk & Compliance Manager 3.0 (ITRCM). Brabeion was first to market with a complete IT GRC suite that helps organizations achieve and sustain compliance and optimally manage risks while lowering assessment costs. Brabeion’s solutions have been successfully deployed in Global F1000 with dramatic returns on investment. With today’s new 3.0 release, Brabeion furthers the IT GRC industry vision by enabling IT risk and compliance to be managed more strategically as a business risk. New role-based dashboards elevate Brabeion into the industry’s first single solution to deliver a unified view of risks across people, processes and technologies tied to regulations, standards and company policies – eliminating the need to cobble together manual surveys and disparate tools. Brabeion also introduces the industry’s first “compliance risk scoring” for assets that factors in the likelihood of IT control failures – addressing a major gap in today’s traditional risk equation that can result in misleading data. New document workflow and repository management features that reduce cycle time and redundancies round out this mature IT GRC offering.

“What's missing today in IT risk and compliance are ways to link risk factors with measures the business can understand and support. Without this critical support, risk and compliance programs die on the vine. Risk scoring based on business processes, information assets, and supporting technologies is therefore vital to making the risk and compliance puzzle work, and it’s also essential to making intelligent decisions and mitigation strategies,” commented Scott Crawford, research director for analyst firm Enterprise Management Associates. “Solutions that link compliance and risk in this way are building a foundation for more strategic IT GRC programs.”

As enterprises struggle to gain control over compliance with numerous regulatory mandates and in the face of complex and continually changing IT environments, they are seeing their compliance focus evolve from the mitigation of negative security threats toward the philosophy that it is part of a comprehensive risk management program – and are now focusing on getting their risk management programs in place. IT GRC is emerging as an important new market category to give this strategic view toward managing business that is needed in highly regulated environments. According to AMR, thirty percent of the $30 billion IT compliance spend is going to GRC platforms.

Industry analysts and experts agree that the key to this risk-based approach is adopting a disciplined system for defining, measuring and monitoring IT controls, both technical and non-technical. “We are entering into the age of controls enlightenment. Today, there is a major disconnect between policy, procedures and controls measurement, which ultimately creates more holes and more risk. Controls health is an essential element of the risk equation and without it you don’t have a total IT GRC view,” said Steve Schlarman, chief compliance strategist for Brabeion. “Brabeion aims to solve this disconnect. Everything we do stems from our belief that ‘it all begins and ends with auditable policies measured against relevant controls.’”

Brabeion Inc.
