Colorado thinks outside the silo
Officials at the Colorado Department of Human Services had a laundry list of compliance needs.
They wanted to track the department's information technology compliance, get a better handle on monitoring and remediation, and create a more strategic financial plan, said Kelly Eich, the department's chief technology officer.
To check some of these items off the list, CDHS is in the process of implementing CA's Governance, Risk and Compliance (GRC) Manager suite.
As a health care organization, CDHS must comply with the Health Insurance Portability and Accountability Act of 1996 and other privacy and security regulations. The department has a compliance framework of hundreds of different rules and regulations, Eich said.
"We were trying to manage some of those security risks using spreadsheets and Word documents," Eich said. The CA GRC Manager is helping the department bring all of that together, she said.
The project is still in the early phases. On May 1, CDHS installed the infrastructure: the back-end server software, Eich said.
The CA software also integrates with the Clarity software the department was already using. It provides automated testing and cost tracking for specific GRC programs such as Sarbanes-Oxley, with customizable summary reporting for progress and costs, CA representatives said.
"Risk and compliance are not going away," said Marc Camm, senior vice president of CA's governance, risk and compliance products. More regulations are coming, and complying with them separately causes a lot of confusion. CA's GRC Manager provides management with a central place for all the policies, regulations, risks and controls, he said.
Trudy Walsh is a senior writer for GCN.