It's really happening: IT and eGRC are growing towards each other
On December 10 2013 Luc Brandts wrote a blog about how the world of eGRC and IT GRC growing more towards each other. In January 2014 also Forrester underlined this development in their report, "The Forrester Wave": Governance, Risk and Compliance Platforms, Q1 2014". And more recent we see that now also regulators are picking up this trend.
Developing and Effective Information Security Strategy
SAMA, the Saudi Arabian banking regulator, recently hosted a conference about the importance of developing an effective information security strategy in the Middle East. BWise was one of the invited guest presenters. We shared our vision around integrated GRC versus fragmented GRC and how integrated GRC can contribute to information security throughout the enterprise. Together with the about 400 CIO's and CISO's from financial services companies from the region, our SVP of Sales and Solution Consultants, Rob van Straten, discussed how IT departments should play a role in defining the eGRC strategy rather than only focus their activities on IT GRC itself.
Support the IT and Operational Risks
The conclusion of the event was that the majority of the attendees recognized that a fragmented approach never can assure a CISO or CIO to be in control on all the information security risks on a holistic level. So the need for IT to be more involved with enterprise risk management and making sure IT risks are embedded in one risk taxonomy was made clear. For BWise it was a privilege to be part of this meeting. It was very interesting to be part of the discussions and to learn from both the regulator as well as from the financial industry what their challenges, concerns and opportunities are towards an integrated approach of IT and eGRC. Being a leader in this space for many years, helped up to anticipate on this trend and making sure we have adopted the specific needs of a CIO and CISO into our GRC platform. As a result, we are proud to say we are now involved in many inquiries from both existing and potential customers to demonstrate how our solution can e.g. support both the IT and Operational risks.