Compliance & Risk Management Overview
Governance, Risk, and Compliance Management (GRC) is an emerging discipline for consolidating numerous independent compliance and risk management activities taking place across the organization. Given growing regulatory burdens and more complex business and IT environments, organizations need a common technology platform for managing these activities to eliminate duplication of effort, facilitate collaboration and communication, provide enterprise-wide visibility into risks, and ensure optimal resource allocation based on strategic business priorities.
Fundamentally, GRC is about:
- Identifying and tracking the regulations and internal standards that apply to your organization
- Creating an organizational control framework from these regulations and standards and applying it to organizational entities, business processes and assets
- Developing, documenting, and communicating appropriate policies, procedures, and standards which are in alignment with the organizational control framework
- Performing assessments/audits to identify control deficiencies
- Prioritizing deficiencies based on a consistent risk methodology
- Managing remediation activity and charting progress towards organizational objectives
GRC is a cross-functional process involving executives responsible for corporate governance, IT, security, audit, and legal as well as compliance and risk management professionals, if the organization has individuals dedicated to these functions.
TruArx can provide both software-as-a-service and consulting solutions to help clients achieve their GRC objectives. Each service has been designed and matured based on our experience of serving thousands of clients over the last eight years. A brief description of each solution is included below:
TruComply - TruComply is an easy-to-use IT GRC software-as-a-service application which can be fully implemented within a few weeks. TruComply currently supports nearly 500 regulations. TruComply, with its TruAware module, supports all six steps outlined above.
TruPCI - TruPCI is a software-as-a-service application exclusively focused around one regulation: the Payment Card Industry Data Security Standard. While all merchants must comply with other regulations and can benefit from TruComply, some are not ready for this level of effort, particularly smaller merchants. TruPCI supports all six steps above for PCI.
TruAware – TruAware is a policy management and training module within TruComply to help organizations develop, document, and communicate appropriate policies, procedures, and standards which are in alignment with the organizational control framework (step 3 above).
Security Index Assessment (SIA) – A SIA helps organizations align their information security and compliance priorities with key business objectives and critical information assets. To execute the assessment, TruArx consultants perform steps 1, 2, 4, and 5 described above.
Compliance Assessment - Compliance assessments are traditional third-party assessments designed to help an organization understand its gaps relative to a given regulation/standard or meet third party validation requirements.
Managed Compliance and Risk Services - TruArx’ Managed Compliance and Risk Services are for clients who are looking for more than software – they need resources to execute their program as well. Services cover all of the six steps of GRC described above.
