So, what exactly is ITSM, you ask? The strict definition is something along the lines of this: “All the activities involved in designing, creating, delivering, supporting and managing the lifecycle of IT services.” A huge part of ITSM is Incident Management, or IM for short (yay, acronyms!).
About Evan Stos
Evan leads the professional services team for Onspring solutions.
As someone who has worked with auditors for over a decade implementing software to help streamline their audits, I can undoubtedly say that the auditor stereotypes are mostly untrue. First off, I’ve met several auditors that I would consider “glass half-full” people; the kind that would be more likely to say, “What would we do if Karen won the lottery and quit?!” rather than “What would we do if Karen got hit by a bus?!”
When GRC platforms started becoming a “thing” in the mid-2000s, there were only a few major players in the market. They focused primarily on IT: whether it be controls, policies or risk management. Additionally, with the Enron and Worldcom scandals, SOX and its myriad of financial reporting controls quickly became platform offerings as well. As the market started expanding quickly at the turn of the decade, the concept of “eGRC”, with the “e” standing for enterprise, swept the landscape. Why settle for managing IT processes when many of the tools were capable of managing an entire organizations’ Governance, Risk and Compliance frameworks? The natural progression had begun.
Whether it be ISO27001 or NIST, ensuring that you are employing the proper policies and frameworks is essential. Not doing a regular assessment could cause major, unsustainable damage to your business. Having the right platform to help you organize all of the policies, risks and other pertinent information (trust me, there’s a lot) is essential.
Being a project manager (PM) can be a tough gig; when everything is going fine, you may, at times, be viewed with disdain: a mere “meeting scheduler” who collects status updates from the key stakeholders and SMEs, reporting them upwards. When everything isn’t going fine, they are in the cross-hairs of everyone: the key stakeholders, the SMEs and the higher-ups they report to.
So how do you filter out the noise of bad reviews? By going back to basics: If you know someone who is using or has used a product you’re looking at acquiring, ask them how they like it. Here at Onspring, we’re always happy to refer potential customers to existing ones, even if what is shared between them isn’t 100% sunshine and puppy dogs when it comes to our product.
Sometimes a little pain still brings big gain. Be it football or GRC platforms, rough and bumpy opening scenarios don’t mean you won’t have future success.
When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.
Clients often think that moving from one platform to another is “scarier” than moving from spreadsheets into a platform. But the reality is, the spreadsheet-to-platform conversion is usually more onerous! Evan Stos demystifies the platform-to-platform migration process in four simple steps.
Getting help with software implementation from trained experts is great. But what happens when the consultants are gone? Will you be equipped for success? Evan Stos shares three helpful tips for becoming self-sufficient and “owning” your solutions right away.
Too many decision makers purchase a tool based on the fact that it “can” automate GRC/other business processes, not on “how” it does it for your organization. Just like buying a volume maximizing shampoo will indeed clean your hair…beware the unintended consequences.
I have a running list of recurring phrases in GRC (there are quite a few), and I’d like to share two of them with you: specifically, my favorite and my least favorite. And since I think I read somewhere that it’s always better to lead with bad news (or maybe it was the other way around?), I’ll start with my least favorite: “What are other people doing?”