When Founders Federal Credit Union shopped around for a GRC system, the products it liked the most were designed for large enterprises. They required a lot of work to implement, which would tax the small IT staff of the Lancaster, S.C.-based financial organization.
"We are very lean and efficient," Bob Bender, chief technology officer at Founders Federal Credit Union said. The organization wanted an automated system that the IT team was familiar with and would provide a holistic view of risk and compliance, he said.
The credit union found what it was looking for with TraceSecurity Inc.'s TraceCSO, a cloud-based governance, risk and compliance (GRC) tool. Los Gatos, Calif.-based TraceSecurity formally launched its cloud GRC Wednesday.
TraceCSO is built on TraceSecurity's Compliance Manager platform, which Founders Federal Credit Union had been using for several years. TraceCSO provides a centralized system for risk management, auditing and compliance reporting. The cloud GRC identifies and prioritizes risks, including network vulnerabilities, and assesses compliance based on a database of thousands of regulations and citations.
Dariel LeBoeuf, TraceSecurity vice president of sales and marketing, said TraceCSO integrates the core functions of IT GRC, including risk management, vulnerability management, policy management, training and vendor management.
Most GRC products require the support of large enterprises, LeBoeuf said. TraceCSO is designed to meet the needs of small and midsize organizations with 100 to 5,000 employees that don't have large IT staffs. "We made a major effort in making the product simple to use," he said.
The setup wizard sets the system up by adding users, defining permissions and network scanning. After the initial setup, TraceCSO starts with a risk assessment, which designates risk controls. Controls are mapped to the database of regulatory and authoritative citations to assess compliance. The database incorporates the Unified Compliance Framework from Lafayette, Calif.-based Network Frontiers, LeBoeuf said.
Founders Federal Credit Union has been testing TraceCSO, which Bender said is helping the organization manage its multiple regulatory requirements. The service allows the credit union to easily compare its asset base to multiple IT standards and industry regulations. "There's less guesswork, and if we have a question about our interpretation of a regulation, we can ask Trace for help," Bender said.
Building vendor relationships are important for Founders Credit Union, he said. "We like to build long-term relationships. We do our due diligence and stick with them and test them with improving their product," Bender said. "Trace has done a very good job."
TraceSecurity's cloud GRC tool allows the credit union's IT staff to remain lean and efficient, Bender said. Another benefit of TraceCSO is that is allows the company to provide external access to auditors for a limited amount of time. "This keeps the security and controls in place," he said.
Available later this month, TraceCSO is sold on an annual subscription, based on employee size. Pricing starts at about $5,000, including support.