on 03-09-2011 8:05 PM
Hello Forum,
I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)
I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3
I found a process that will unload the data from CC 4.0 and be imported into RAR 5.2
I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet
Currently, I have the following definitions:
Business Process 6 entries
Functions 47 entries
Risks 147 entries
Mitigating Controls 40 entries
Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software
I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls
Thanks for your responses in advance
Jerry
Ryerson, Inc
630-758-2021
Hi Jerry,
sounds good to me, but keep in mind that AC 5.2 comes also with it's default ruleset which you might want to consider using in addition to what you have defined in CC 4.0.
For the migration process there is a guide on Service Marketplace:
Best,
Frank
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the reply
I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch
The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area
I'm not sure if they were mixed with the defaults
I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out
Thanks again for your reply
Jerry
Thanks for the replies
The scope of this question has been answered
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jerry,
what exactly is your ECC level?
Kind regards,
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Frank,
Sorry about the confusion; we are currently running r/3 at the 4.7 level; ECC terminology was introduced I believe with ECC 6
My understanding is that the GRC products at 5.3 require ECC 6
For what it's worth, my GRC 5.2 products are up to date with the latest SP levels
We are in the process of putting a plan together for upgrading to the ECC level but that may be some time yet before it becomes reality;
I would like to get the RAR 5.2 working to replace CC 4.0 prior to the ECC upgrade
Jerry
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.