The Value of Force.com as a GRC Platform


Andy Evans - Xactium Limited
March 2009

Executive Summary

The importance of governance, risk and compliance (GRC) activities to organizations has become increasingly better understood and it is now widely accepted that good management of GRC activities is essential to the protection and growth of the value of an organization, particularly in an increasingly global, risk-averse and regulatory driven environment.

The result - many organizations are consolidating their GRC systems and activities, and are aiming to take an organization wide, holistic approach to compliance and risk management. GRC vendors in response are moving away from point solutions, to platform based enterprise solutions that can accommodate and unify multiple GRC applications. These aim to support multiple compliance, risk and policy management applications and the infrastructure necessary to adapt to rapidly changing regulatory requirements and processes.

One such platform, the Force.com platform, is ideally suited to this approach. Force.com is a multitenant software as a service (SaaS) platform (widely known now as Platform-as-a-Service or PaaS) which has achieved significant success in the CRM (customer relationship management) domain. With its rapid evolution as an application development platform, it offers significant advantages as an enterprise GRC platform in combination with the suite of native Force.com GRC applications now available from Xactium.

Overview of the GRC Platform

Traditionally organizations have utilized a variety of point solutions for managing specific aspects of their governance, risk and compliance activities, for example SOX (Sarbanes Oxley) or operational risk. However, over time the number and variety of GRC activities being managed by organizations has grown considerably to include aspects such as audit management, policy management, anti-money laundering and wider issues of IT Governance.

Because of its growing importance and scope, many organizations are looking to consolidate their existing point solutions into a holistic GRC solution. The aim is to provide a central view of governance, risk and compliance, enabling these aspects of the business to be accurately and efficiently controlled across the organization.

An enterprise GRC platform provides a common infrastructure for defining, managing and monitoring governance, risk and compliance activities across an organization. As shown in Figure 1, the GRC platform must provide the foundation for connecting GRC activities into a manageable whole, supporting the following key features:

- Primary GRC activities
- Supporting enterprise and GRC specific functions and activities
- Information management
- Integration

A GRC platform should facilitate collaboration and information sharing across the enterprise and between the various stakeholders involved in GRC activities. It should recognise the importance of human involvement in effective governance, risk and compliance, and provide a user friendly and compelling solution to both enable compliance professionals to manage their day to day activities and to provide the necessary information to executives, board, regulators and external parties, to ensure the continued well-being of the organization.

Figure 1: Enterprise GRC Architecture

Primary GRC Activities

The primary objective of the enterprise GRC platform is to automate much of the work associated with managing the collection and reporting of risk and compliance activities. The primary users of the platform will be compliance professionals, internal and external auditors, management and board members. The key activities that will typically be of importance to these users will be:

- Policy Management: this facilitates fine grained management and control over policy and procedures and their distribution to the relevant stakeholders. It should enable the full policy/procedure lifecycle, from initial creation and review, through to dissemination and change notification and management.

- Risk Management: support for the management of risks, associated workflows and reporting activities. This includes managing the risk assessment lifecycle, risk mitigation, visualization of risk levels (through heatmaps), documentation of controls and control objectives, and support for auditing key controls and key risk and control indicators. The focus of the risk management activity will depend on the specific industry, regulatory environment and domain that is being assessed (e.g. credit risk, operational risk and product risk) [1].
- Compliance and Audit Management: support for managing the reporting of compliance information and issues. For example, the monitoring of losses resulting from risks, noncompliance issues, and their resolution. It also includes the ability to support external and internal professionals in their audit activities and to aid in the creation of appropriate reports and documentation that are required as part of this process. The ability to track and manage communications with regulators and general compliance queries and resolutions is also a common requirement.

[1] An essential requirement of a GRC platform is customizability. This is because in practice there is no one size fits all approach to GRC. Risk management may be applied to many different aspects of an organization, while compliance activities may be tailored to a wide range of regulatory frameworks or specific in-house processes.

Supporting Functions and Activities

There are a number of supporting functions and features that need to be provided by a GRC platform in order for it to be utilized successfully at the enterprise level. We have divided these into general enterprise functions and activities, and those that are specific to GRC.

Enterprise Functions

The following are enterprise functions that should underpin a GRC platform:

- Reporting and Dashboards: this is one of the most critical functions. All stakeholders in the GRC activity must be able to generate periodic and ad-hoc reports, including the ability to provide an overall picture of GRC activities and to be able to measure data across the organization. The ability to create and generate reports that are customized to the specific needs of stakeholders, e.g. external auditors, is essential, as is the ability to visualise the current status of specific activities through custom dashboards.
- Data Visualization: related to reporting and dashboards is the ability to provide a high level visual view of GRC activities. The purpose of these visualizations is to highlight areas of specific priority (for example, high risk areas or high priority issues). Heatmaps are a common way of achieving this, as are visual maps of risks and controls.
- Workflow: typically GRC activities will involve a significant number of different workflow activities. Examples include: managing the policy lifecycle; notification of changes to issues; and the sign-off of controls. Automating these workflows contributes to improved efficiency and to ensuring that information is governed openly and transparently. Again, the ability to flexibly customize workflow and approval activities will ensure that specific internal processes can be accommodated by the GRC solution.
- Business Rules: an increasingly important aspect of risk and compliance management is the ability to process data (via business rules) to automatically enforce controls and route process events depending on specific risk and compliance scenarios.
- Tasks and Activities: related to workflow, tasks and activities are important to the day to day management of GRC activities: ensuring critical tasks are monitored and performed, and recording specific activities and events (meetings, communications, etc). The ability to relate tasks and activities to specific GRC data is essential.
- Communication support: because communication is a key part of GRC activities, it is important to have the ability to track and manage a variety of communications, including emails (both outbound and inbound), the recording of telephone conversations, and other forms of communication such as instant messages.
- User interface customization: the ability to customize an interface to the needs of specific users and stakeholders is important for the following reasons. Firstly, different users will require different interfaces depending on their usage profile of the platform. Secondly, an organization may wish to make their GRC platform conform to existing document styles, formats and branding.
- Collaborative working: GRC is a highly collaborative activity, with the result that the platform must provide the ability to enable shared access to common data (subject to security controls, see below).
- Customization technologies: in addition to being able to customize the user interface, the platform should provide the development tools to enable the rapid customization and development of other aspects of the platform, including the creation of additional enterprise applications, and the customization of data schemas. This should be achievable without the need for coding using wizard support and other graphical tools. Without this capability, the platform will be severely limited in its ability to grow and adapt to the changing GRC requirements of the organization.
- Multi-lingual: essential for all international organizations. Translation of both standard and custom labels should be supported.

Specific to GRC

The following are specific GRC related supporting functions:

- Risk Control Matrices: a matrix of control objectives, controls and related risks. Its purpose is to provide an easily accessible record of risks and the key controls that are associated with their remediation.
- Heatmaps: as mentioned above, heatmaps are a commonly used visual representation of risks. They are used to rank both the level of risk and their likelihood of occurrence against a variety of different aspects of the risk management activity.

- Survey tools: a generic, configurable facility for setting up and recording the results of a compliance audit or risk evaluation activity is an essential component of any GRC platform. The ability to link the results to existing GRC data is required.
- Policy mapping: this should enable policies (and other data) to be flexibly linked to other risks and controls, etc. Support for many to many relationships is required.
- Portal support: a portal is a central place (typically an intranet site) where key governance, risk and compliance information and reporting activities can take place. For example, it can act as a conduit for reporting regulatory breaches or as an interface between the compliance department and the rest of the organization. It should have the ability to flexibly adapt and change to new compliance and risk management requirements and support appropriate linkage to data in the GRC platform.

Information Management

Fundamental to the GRC platform is a repository of information relating to GRC activities. This should encompass the following enterprise functions:

- Information ownership and transfer: this includes clear ownership of information (for example, risks, policies, etc) and the ability to track and re-assign ownership to other users.
- Information sharing: support for shared or partially shared access to information, depending on security controls (see below). Access should be based on individual security controls, and also group and role based access.
- Security: because of the commercial sensitivity of GRC activities, security controls should be extensive, in-line with industry standards, and be fine grained enough to manage access to information at multiple levels of detail.
- Profiles: related to security is control over the access available to specific profiles of users, for example, auditors versus managers. Profiles should not only govern access, but also user interface layout, administrative permission and access to specific applications on the platform.
- Audit Trails: full audit trails of changes made to information should be available in order to ensure that all changes to GRC data are auditable and traceable.
- Document management: this should support full configuration management of documents, including versioning and tracking of changes. This is particularly important for the management of policy documents.

Integration

The GRC platform should act as a central hub for integrating the many diverse aspects of GRC. These include the following enterprise functions:

- Data Integration: a GRC platform should provide a common underlying data infrastructure, which enables transparent access and consistent security controls. The platform should also provide a unified meta-data interface to enable access to the underlying data schema and provide the ability to easily integrate with external data sources and applications (ideally using web-services).

- Application Integration: by providing an integrated platform for shared GRC applications, significant benefit can be achieved through the use of consistent interfaces, shared task management, shared data management and shared application development. Moreover, significantly improved IT Governance is achieved by providing a single platform for managing a suite of GRC applications. Many organizations are challenged by having to manage multiple vendor applications, bespoke databases and spreadsheets. By porting this information to the platform, significant control can be achieved over business critical GRC information, enabling sharing of information, more transparent data management, and avoidance of data silos.

The Force.com Platform

The Force.com platform is an internet based application development platform provided by Salesforce.com. Although traditionally a CRM (Customer Relationship Management) company, Salesforce.com has invested significant resources into separating its CRM applications from the underlying platform, thus providing a foundation for developing internet based enterprise applications that can run in the cloud on the same platform as the CRM. There are currently over 51,000 customers of Salesforce CRM and over 80,000 Force.com applications have been developed, many of which have been marketed on the Appexchange (an online marketplace for Force.com applications).

The Force.com platform provides an extensive, and rapidly growing, collection of enterprise platform capabilities, which include: a business friendly interface; a multi-tenant database with support for metadata; a highly customizable development environment; powerful security and integration functions; full support for workflows and audit trails; and fully customizable reporting and dashboard tools.

Another significant feature of Force.com is its utilization of Software as a Service (SaaS), which enables applications to be deployed without requiring local hosting. Also impressive is its on-demand licensing model, where the customer only pays for the licenses they require, rather than a large up-front installation cost.

The Force.com Platform as a GRC Platform: the Xactium GRC Solution

While Force.com provides a powerful collection of enterprise platform capabilities, it is clearly missing the GRC specific functionality necessary to provide a complete GRC platform solution. To address this issue, Xactium has developed a suite of native Force.com GRC applications, which fill the gap to provide a complete GRC solution. Xactium's GRC applications support the following activities:

- Risk Management: supports operational risk, including key controls, control deficiency logs, key control indicators, process hierarchies, heatmaps and audits.
- Policy Management: includes support for the policy lifecycle, including creation, review, approvals and dissemination.
- Compliance and Case Management: provides support for managing compliance issues, escalation, reporting, auditing, and portalization of compliance activities.
- Anti-Money Laundering Audit Management: manages the AML client on-boarding and review process.

- HR Governance: includes support for role profile management and career path management.

In the following sections we'll compare the features of a GRC platform with those provided by the combination of Force.com and Xactium's GRC applications. The result is a complete GRC platform solution which offers a number of key business benefits to end users.

Enterprise Functionality

As described, a GRC platform must provide a significant number of generic enterprise capabilities if it is to successfully address the requirements of a GRC platform. In the following tables, a summary of the enterprise features offered by Force.com is matched against the required enterprise functions of the GRC platform.

Supporting Functions

| Supporting Function | Available? | Comment |
|---|---|---|
| Reporting and Dashboards | Yes | Custom reports and dashboards can be created using wizards and then shared across the organization. |
| Data Visualization | Yes (configuration required) | Support for visualization is provided by integration with Adobe Flex and the Google visualization toolkit, but configuration is required. |
| Workflow | Yes | Support for workflow and complex approval processes is available via wizards. Complex workflows must be implemented in APEX (a platform specific programming language). |
| Business Rules | No | Currently there is no support for business rules in Force.com, although they can be implemented using APEX. |
| Tasks and Activities | Yes | Tasks and activities can be assigned to specific records and tracked in applications or in Outlook. |
| Communication support | Yes | Synchronizes with Outlook, and also supports recording of emails against records and management of incoming emails. |
| User interface customization | Yes | Interface can be customized using drag and drop wizards. Non-standard interfaces can be built using VisualForce (a platform specific user interface design language). |
| Collaborative working | Yes | Data may be accessed by multiple users depending on specific sharing rules. |
| Customization technologies | Yes | Extensive customization and development is possible across the entire platform, including the creation of new applications. This can be both wizard driven, or via programming. |
| Multi-lingual | Yes | Multi-language support is available for standard labels and fields. Custom labels can also be used to provide multi-language support for custom applications. |

Information Management

| Supporting Function | Available? | Comment |
|---|---|---|
| Information ownership and transfer | Yes | All records are assigned ownership to a specific user. Record ownership can be transferred and an audit kept. |
| Information sharing | Yes | The platform supports multi-user access with sharing of data enabled (subject to security controls). |
| Security | Yes | Security conforms to international security standards and supports a number of security protocols, including IP restriction, strong passwords and IP authentication. |
| Profiles | Yes | Users can be assigned different profiles. Profiles can be customized to permit access to as much or as little of an application as desired, and to specific custom views of data. |
| Audit Trails | Yes | Changes to records down to the field level can be recorded and tracked. |
| Content Management | Yes | Salesforce Content provides full content management support. However, it must be purchased separately. |

Integration

| Supporting Function | Available? | Comment |
|---|---|---|
| Data Integration | Yes | Provides a fully featured multi-tenant database with support for accessing metadata and the ability to integrate with external data sources via web-services. |
| Application Integration | Yes | All applications running on the platform provide consistent interfaces, shared task management, shared data management and shared application development. |

Force.com addresses virtually all the key enterprise platform requirements for a GRC platform. In the next section, we will show that the Force.com platform in combination with GRC specific functionality provided by Xactium's applications can provide a complete GRC platform solution.

GRC Specific Functionality

In order to address the gap in GRC functionality, Xactium has developed native Force.com applications which provide the following functionality.

| Supporting Function | Available? | Comment |
|---|---|---|
| Policy Management | Yes | Xactium Policy Manager provides policy management, policy distribution and compliance monitoring. |
| Risk Management | Yes | Xactium Risk Manager supports the full risk management lifecycle, including risk assessment, risk monitoring, documentation of controls, and support for auditing key controls and key risk and control indicators. |
| Compliance and Audit Management | Yes | Xactium Case Manager enables the reporting of compliance information and issues, including tracking of actions. |

GRC Specific Supporting Functions

In addition, the following supporting functions have also been developed:

| Supporting Function | Available? | Comment |
|---|---|---|
| Risk Control Matrices | Yes | Xactium Risk Manager provides risk control matrix support, including mappings between control objectives, controls and risks. |
| Heatmaps | Yes | Xactium Risk Manager supports a variety of heatmap visualization tools that can be applied across multiple risk areas, for example, all risks relating to a process or product. |
| Survey Tools | Yes | Survey tools are available through the Appexchange. Xactium also provide native Force.com survey tools that integrate seamlessly with their GRC applications. |
| Policy Mappings | Yes | These are supported between Policies and Risks, but may also be added elsewhere through simple customization of the applications. |
| Portal Support | Yes | Xactium provide support for Portals using Force.com Sites a web. |

In summary, the combination of enterprise platforms and custom GRC applications addresses the key requirements of a GRC platform solution. The next section examines the benefits this combination provides to business users.

The Value of Force.com as a GRC Platform

It is generally accepted that there are a number of key benefits of using a platform to manage GRC. These include:

- Unifying increasingly complex GRC architectures and processes.
- Enabling a common reporting facility, with a consistent look and feel.
- Enabling the development and integration of an organization's own applications, including porting existing spreadsheet and access database applications into the platform, thus providing good IT governance over critical business information.
- The ability to rapidly acquire and integrate best of breed applications into the platform.
- Support for a cross-enterprise, collaborative approach to compliance.

From the above analysis, it is clear that Force.com can provide all these advantages. In addition, there are some specific benefits from using Force.com as the basis of a GRC platform:

- The ability to use Force.com developer tools and integration capabilities to rapidly accelerate the development and integration of GRC applications into the platform.
- The ability to start small and grow big. Because there is no cost in purchasing the platform, small GRC applications can be delivered through Force.com, and gradually added to as confidence and experience grows.
- Utilizing the benefits of SaaS deployment and on-demand software, including minimal deployment effort and installation cost, pay for what you need, and support for secure multiplatform, multi-site access.
- Leveraging the rapidly growing Force.com eco-system, including the growing number of general purpose applications on the Appexchange, documentation, training, certification, and professional services.
- Access to existing enterprise applications on Force.com, including the CRM and PRM. CRM and PRM are becoming increasingly synergistic with risk management and compliance, for example in managing supply chain risk and in contract risk.
- Benefiting from the many third party integration options offered by the platform, e.g. ERP, Google, Facebook, Amazon, etc.
- Benefiting from the proven security and scalability offered by the platform.

In addition to the cost benefits of using a GRC platform, Force.com offers reduced costs associated with adopting SaaS and the benefits of being able to develop and integrate new applications at a fraction of the cost of traditional development approaches.

Summary

The enterprise GRC platform provides a way to unify multiple GRC activities and enables a common reporting capability for a wide variety of GRC activities. In an increasingly risk and regulatory driven world, having a common platform enables enterprises to develop and integrate their own solutions, use solutions that the platform vendor provides, acquire and integrate solutions from best-of-breed vendors, or a mix of all those approaches. Thus, the enterprise GRC platform is an essential part of the strategy for a cross-enterprise approach to governance, risk and compliance. The Force.com platform provides an excellent foundation for GRC, particularly when combined with GRC applications from Xactium.

Related Publications

- Gartner Report: The Enterprise Governance, Risk and Compliance Platform Defined, Q1 2009
- The Forrester Wave: Enterprise Governance, Risk, and Compliance Platforms, Q4 2007
- Forrester Report: Trends 2007: Governance, Risk, and Compliance, Q2 2007

Key Words

- CRM: Customer Relationship Management
- GRC: Governance, Risk and Compliance
- PaaS: Platform as a Service
- PRM: Partner Relationship Management
- SaaS: Software as a Service
- SOX: Sarbanes Oxley

About Xactium

Xactium is one of the leading enterprise application providers using the flexibility, freedom and adaptability of software as a service and the Force.com platform. Recognized by Salesforce as its strategic partner for Governance, Risk and Compliance (GRC) applications, Xactium has produced the world's first native Force.com enterprise application and a suite of point solutions. In 2008, Xactium became one of the first 30 companies in the world to become an OEM partner with Force.com.

Xactium UK
PCI House, Woodseats Close
Sheffield, S8 0TB, UK
Office: +44(0) 114 2580945
Fax: +44(0) 114 2581032
Email: info@xactium.com

Xactium Scandinavia
Lostigen 20, 170 75 Solna
SWEDEN
Email: info@xactium.se