SecureGRC: Unification of Security Monitoring and IT-GRC
Merchant Compliance Management and Policy Management
1. Merchant Compliance Management
SecureGRC merchant compliance management helps banks and financial institutions ensure that their
merchants comply with the regulations applicable to their business.
What is Merchant Management?
According to VISA,
Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security
Standard (DSS) requirements
And according to MasterCard,
MasterCard fundamentally views our member Acquirers as owning the acquiring payment channel.
Given this perspective, MasterCard works to administer the SDP Program through our Acquirers,
working with merchants to further secure the transaction infrastructure. Please note that acquirers
themselves do not need to go through the SDP compliance process but they must manage the SDP
process for their merchants.
Merchant Management is the process that enables card acquirers to ensure that their merchants are
compliant with the PCI Data Security Standard and thereby satisfy the demands of the various card
brands. SecureGRC merchant management enables organizations (banks, acquirers, service providers
etc.) to manage the compliance of their merchants with the PCI DSS. Merchant management automates
many of the manual tasks associated with the merchant compliance process. When organizations are
dealing with thousands of merchants, the process of managing compliance could consume an enormous
amount of resources, time and money. CMM enables organizations to reduce all of these by providing a
single interface to all compliance processes through a universally accessible web-based interface.
Key Features
Automate monitoring of controls such as management of sensitive data and technical controls.
Enable vendor managers to manage risk.
Assess vendor risk using various assessment types and a library of questions based on best-practice standards.
Derive risk and compliance ratings by type of vendor from assessment results.
Measure vendor compliance to policies and procedures.
Track and address areas of non-compliance identified in the vendor assessment process.
2. Policy Management
What is Policy Management?
Policy management is the overall process of managing the plethora of policies, procedures, guidelines
and other documents that are part of the governance framework and function in any organization.
SecureGRC Policy Manager
SecureGRC Policy Manager provides an integrated solution for managing all the policies, procedures,
guidelines, or standards that are the basis of the governance framework at any organization. Policy
Manager allows organizations to consolidate all their policies, store them in a central repository,
measure IT compliance with these policies, and view various statistics from a central dashboard.
Policy Manager provides access to core elements of the SecureGRC platform, such as Workflow,
Document Management, Policy Inventory, and fine-grained access control, through a secure web-based
interface.
Key Features
Single and centralized repository for all policies
Version control for all policies and procedures
Monitor acceptance of policies
Out of the box policy and procedure templates
Ability to link policy and procedures to controls
Dashboards and reports
Remediation tracking