on 04-29-2015 5:34 AM
Hi All,
Am in the process of implementing GRC 10 with the following components for a pharma client.
Access Risk Analysis (ARA)
Access Request Management (ARM)
Emergency Access (Firefighter)
Business Role Management (BRM)
I just wanted to know your views on what kind of approach is better?. Please comment your views with your best approach.
My view is to first implement ARA and EAM together and then go ahead with ARM and BRM packed together.
Thank You for your idea.
Hello Mani,
Apart from technical details provided by Madhu and Plaban,some more additional information
As per my understanding any successful implementation will follow the ASAP methodology,check the below link for information on ASAP methodology
You need to define resources and time line before start the project,check the below link
also check the below threads which gives additional information
While implementing if any issues Forum will help you.
All the best!!!
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mani,
do you have 5.3, so that you would have to copy the provisioning process. if yes, then it will only be left to configure GCR 10. Else, you would have to design Provisioning process first and then get sign off. from all Lead/ approvers/Stake holders.
For EAM and ARA, ARM would be required, to handle workflows.So, it is better to implement ARM simultaneously. Else, for ARA, you would have to make Workflow as 'No', for Risk/Function/Mit. Control Creation/assignment. For EAM, FF and FF log review requests are made through ARM.
For EAM, you would need to decide whether you are going with Central or Decentralized.
For ARA, you would need to set up parameters, in IMG->...> Maintain Configuration settings.
Please go through GRCAC docs at ,
Regards
plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mani,
Whenever you are doing a GRC Implementation there will best practices to follow for each module ARA, ARQ, BRM and EAM.
But when it comes to how you want to start with your implementation completely depends on client's requirements and how they wanted to make use of GRC tool for their internal audit compliance. So, always based on requirements, the approach should be finalized.
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.