Value Achieved in IT GRC
Organizations operate in a complex environment of risk, compliance requirements, and vulnerabilities that interweave through departments, functions, processes, technologies, roles, and relationships. What may seem an insignificant IT risk in one area can have a profound impact on other risks and cause compliance issues. Understanding and managing IT governance, risk management, and compliance (IT GRC) in today’s environment requires a new paradigm for managing these interconnections and relationships. When organizations approach IT GRC in scattered silos of documents and disconnected solutions and processes, they cannot make intelligent IT GRC decisions that impact the broader organization and its operations. Organizations need an integrated IT GRC architecture that delivers 360° contextual intelligence on IT security, risk, and compliance.

Surescripts is an information technology company that manages the electronic transmission of prescriptions between health care organizations and pharmacies, as well as general health information exchange (HIE) of medical records. Information security, risk, and compliance are of critical importance when dealing with personal health information. Surescripts saw growing demands to ensure the security of this sensitive information and knew it needed to implement a true IT GRC process and move beyond the reactionary fire-fighting approach to information security that had plagued it.

To address its growing need for a platform to manage the range of IT GRC requirements, Surescripts evaluated solutions available in the market and purchased the LockPath® Keylight® Platform to manage risk across the Surescripts organization. GRC 20/20 has evaluated and verified the implementation of LockPath’s Keylight Platform at Surescripts and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility.
In this context, GRC 20/20 has recognized LockPath and Surescripts with a 2016 GRC Value Award in the domain of IT GRC.
- Complexities of IT GRC Hinders Organizations
- Surescripts: Value Achieved in IT GRC
- The Challenge Surescripts Faced
- Solution to Surescripts’ Problem
- Surescripts Achieved Value in GRC Efficiency, Effectiveness, and Agility
- GRC Efficiency Value
- GRC Effectiveness Value
- GRC Agility Value
- GRC 20/20’s Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.