IT-GRC (Governance, Risk & Compliance) COTS solutions

[Faith Mcgrath <faith.mcgrath () YALE EDU>]

Yale is investigating IT-GRC (Governance, Risk & Compliance) COTS
solutions as an alternative to expanding our current in-house system
inventory application that was developed specifically for HIPAA Security
compliance. We need a solution for the broader spectrum of  State and
Federal regulatory requirements. In consultation with Gartner, we
selected four vendors to send a RFI:
        1.  Agiliance (http://www.agiliance.com/)
        2.  Archer Technology (http://www.archer-tech.com/)
        3.  Brabeion (http://www.brabeion.com/)
        4.  Mudulo Security (http://www.modulo.com/)

If anyone has experience or opinions about these GRC solutions, I would
appreciate your input or comments. Thanks.


__________________________
Faith McGrath, Associate Director
Yale University ITS - Information Security
faith.mcgrath () yale edu
voice: 203.737.4087
security () yale edu || security.yale.edu

Please be aware that email communication can be intercepted in
transmission or misdirected. Please consider communicating any sensitive
information by telephone, fax or mail. The information contained in this
message may be privileged and confidential. If you are NOT the intended
recipient, please notify the sender immediately and destroy this
message. If you wish to confirm the content of this message and/or the
identity of the sender please contact me at the phone number given above.