Oracle’s Governance, Risk, and Compliance (GRC) is a collection of applications, content management, data management, and analytic reporting capabilities that are used for documenting compliance with various initiatives such as Sarbanes-Oxley and its equivalents in other nations; HIPAA, for patient privacy; ISO 9000, for documenting quality; and others.
Although Oracle has offered many of these functions within its various applications, databases offerings, and middleware tools, according to Chris Leone, vice president of ERP application strategy, this is the first time that Oracle has bundled them together to work across its product line.
For instance, Oracle GRC leverages Oracle Database Vault, which is used for restricting user access to sensitive data; and it uses Oracle Transparent Data Encryption for protecting data privacy.
The GRC suite will work across Oracle’s E-Business Suite, PeopleSoft Enterprise, JD Edwards, and Siebel applications, and with published interfaces, will accept data form non-Oracle sources as well.
Among the capabilities that are being released, are a central compliance module that highlights areas that are, or are in danger of falling out of compliance. And, for processes that are automated, it will provide some self-corrective capabilities. GRC will also offer a library of segregation of duties (SOD) controls, which include 200 access control rules applying specifically to Oracle E-Business Suite. Additionally, the GRC suite will consolidate configuration controls for each of Oracle’s business applications, and provide continuous monitoring for changes in those controls.
Later this year, Oracle GRC will add an analytic dashboard that applies BI approaches for trend analysis of compliance and risk management processes and activities, with a range of different reporting capabilities.
Excluding the analytic piece, called Oracle Fusion GRC Intelligence, all of the other modules of Oracle GRC applications are available now.