Audit Manager
The SecureGRC Audit Management feature provides an integrated way to manage the functions, documents and tasks associated with the audits (IT, security or financial) of any organization. It also gives access to core elements of the SecureGRC platform, such as workflow, document management, the audit work paper repository and fine-grained access control, through a secure web-based interface.
Key Features
Single and Centralized repository for all work papers
Version control for all work papers
Link work papers to controls
Schedule audits
Assign personnel to audits
Audit trail
Ability to track audit failures
Dashboards and reports
Key Features
Automate monitoring of controls such as management of sensitive data and technical controls.
Enable vendor managers to manage risk.
Assess vendor risk using various assessment types and a library of questions based on best-practice standards.
Derive risk and compliance ratings by type of vendor from assessment results.
Measure vendor compliance to policies and procedures.
Track and address areas of non-compliance identified in the vendor assessment process.
According to Visa:
Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements.
MasterCard fundamentally views our member Acquirers as owning the acquiring payment channel. Given this
perspective, MasterCard works to administer the SDP Program through our Acquirers, working with
merchants to further secure the transaction infrastructure. Please note that acquirers themselves do not need
to go through the SDP compliance process but they must manage the SDP process for their merchants.
Merchant Management is the process that enables card acquirers to ensure that their merchants are
compliant with the PCI Data Security Standard and thereby satisfy the demands of the various card brands.
SecureGRC's merchant management enables organizations (banks, acquirers, service providers etc.) to manage their merchants' compliance with the PCI DSS. It automates many of the manual tasks in the merchant compliance process. When an organization deals with thousands of merchants, managing their compliance can consume an enormous amount of resources, time and money; merchant management reduces all three by providing a single interface to every compliance process through a universally accessible web-based interface.
Policy Management
What is Policy Management?
Policy management is the overall process of managing the plethora of policies, procedures, guidelines and
other documents that are part of the governance framework and function in any organization.
Key Features
Single and centralized repository for all policies
Version control for all policies and procedures
Monitor acceptance of policies
Out of the box policy and procedure templates
Ability to link policy and procedures to controls
Dashboards and reports
Key Features
Accurate asset discovery
Single and Centralized repository for all assets and vulnerabilities
Ability to link Assets to controls
Schedule audits
Scan for vulnerabilities remotely
Map assets and vulnerabilities to regulations
Remediation tracking
Dashboards and reports
Compliance Scanning
What is Compliance Scanning?
SecureGRC's compliance scanning is a feature that scans the data stores in scope for PCI compliance. The Compliance Scanner lets QSAs, auditors and consultants streamline and automate the evaluation of PCI compliance during onsite engagements. It processes results from leading vulnerability and application scanners, together with its own cardholder data search, to pre-populate approximately half of the PCI DSS controls.
Features of Compliance Scanner for QSAs include:
Easy interview wizard that walks QSAs through the entire process.
Automated search for cardholder data within servers and databases.
Automated mapping of application and network vulnerabilities (imported from leading security scanners) to cardholder assets and servers.
Automated firewall rule set analysis, with faulty rules mapped to the PCI requirements they violate.
Generation of a Report on Compliance with more than half of the controls pre-populated with data on cardholder systems, their vulnerabilities and misconfigured firewall rule sets.
Key Features
SecureGRC Compliance Scanner saves QSAs a significant amount of time and resources when performing PCI assessments.
It also improves the consistency of assessments across people and over time, which helps demonstrate the quality the PCI Council expects.
Data Discovery
What is Data Discovery?
Finding credit card data is one of the first and most important steps towards compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). The standard requires that the primary account number (PAN) be rendered unreadable wherever it is stored, and it prohibits storing sensitive authentication data after authorization; unencrypted PANs scattered across file shares and databases therefore fail the standard outright.
SecureGRC Data Discovery addresses this need and was one of the first comprehensive scanners to search for credit card data not only on file systems but also in most commercial and open source databases.
Data Discovery quickly defines the scope of a PCI assessment or certification and focuses the effort of the assessment. The results are often an eye-opener: many organizations are surprised by how far credit card data has spread unintentionally once CDD scans their environment. Those discoveries let them control where the data is stored or put encryption in place.
Key Features
Find unencrypted credit card data in any type of file (Word documents, Excel spreadsheets, PDFs, Access databases). CDD is not constrained by file type; it searches the whole hard disk for credit card data.
Find credit card data in network shares.
Find credit card data across the whole network from one location. CDD uses Microsoft Active Directory (AD) or domain-level credentials to search desktops, laptops, servers etc. from a single place. An account that can read files on every host in the domain is itself a high-value target: use a dedicated account for the scanner, grant it only what the scan needs, and protect the scanner host and its credentials accordingly.
Search from one place; there is no need to visit each desktop or laptop.
Find credit card data in the most popular commercial and open source databases, such as Oracle, SQL Server and MySQL.
Fast, with low network and CPU overhead.
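As an added example (not SecureGRC's own code), the Python scanner below shows the core of what a card-data discovery tool does: it finds digit runs that look like PANs, drops the ones that fail the Luhn checksum, classifies the issuer from well-known prefix ranges, and reports only masked values so that the findings report does not itself become another unencrypted copy of cardholder data. The sample "files" and their contents are constructed for this example, and every PAN in them is a publicly documented test number; the file paths, the `Finding` record and the `find_pans`/`scan_files` names are this example's own. A real scanner would walk a file system or iterate database rows and feed each item through the same `find_pans()` function.

```python
"""Card-data discovery: locate candidate PANs in text, validate them with the
Luhn checksum, and report only masked values. Example code, not a product's."""
import re
from dataclasses import dataclass
from typing import Dict, List

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer digit run (so a 20-digit serial number is not cut up).
PAN_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod-10) checksum used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2   # and fold the result back to one digit
        total += d
    return total % 10 == 0


def card_brand(digits: str) -> str:
    """Coarse issuer classification from well-known IIN prefixes and PAN lengths."""
    n = len(digits)
    p2, p3, p4 = int(digits[:2]), int(digits[:3]), int(digits[:4])
    if digits[0] == "4" and n in (13, 16, 19):
        return "visa"
    if (51 <= p2 <= 55 or 2221 <= p4 <= 2720) and n == 16:
        return "mastercard"
    if p2 in (34, 37) and n == 15:
        return "amex"
    if (p4 == 6011 or p2 == 65 or 644 <= p3 <= 649) and n in (16, 19):
        return "discover"
    return "unknown"


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, the most PCI DSS allows on display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    location: str      # file path (or table.column for a database scan)
    line_no: int
    brand: str
    masked_pan: str


def find_pans(text: str, location: str) -> List[Finding]:
    """Return one Finding per Luhn-valid candidate; the raw PAN is never stored."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_valid(digits):
                findings.append(Finding(location, line_no, card_brand(digits), mask_pan(digits)))
    return findings


def scan_files(files: Dict[str, bytes]) -> List[Finding]:
    """Scan a mapping of path -> raw bytes. Assumption: text-like content;
    binary office formats would need their text extracted first, and bytes that
    do not decode are ignored rather than aborting the scan."""
    findings: List[Finding] = []
    for path, data in files.items():
        findings.extend(find_pans(data.decode("utf-8", errors="ignore"), path))
    return findings


# Constructed sample files. Every PAN is a publicly documented test number,
# not a real card; 1234567812345678 is deliberately Luhn-invalid.
SAMPLE_FILES: Dict[str, bytes] = {
    "shares/finance/refunds.csv": (
        b"order,amount,card\n"
        b"2024-001,19.99,4111 1111 1111 1111\n"
        b"2024-002,5.00,1234567812345678\n"
    ),
    "home/alice/notes.txt": b"Call Bob on 555-0100 about the 378282246310005 charge.\nMeeting at 10:30.\n",
    "db/dump.sql": b"INSERT INTO payments VALUES (7, '5555-5555-5555-4444');\n",
}


def main() -> None:
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.location}:{f.line_no} {f.brand} {f.masked_pan}")


if __name__ == "__main__":
    main()
```

The Luhn check discards roughly nine out of ten random digit runs of the right length, so order numbers and timestamps rarely survive it, but a surviving hit is still only a candidate: confirm it before opening a remediation ticket, and keep the report itself out of scope by never writing the full PAN to it.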