CA Announces Comprehensive Solution for IT Governance, Risk and Compliance

New CA GRC Manager and CA’s IT Control Automation Solutions Empower Customers to Meet Escalating Regulatory Challenges

ISLANDIA, N.Y.– CA (NYSE: CA) today unveiled a comprehensive solution for empowering IT organizations to achieve their increasingly challenging and business-critical governance, risk and compliance (GRC) objectives. The solution features CA GRC Manager, an innovative product that provides portfolio management of IT risks across the enterprise, as well as CA’s industry-leading IT control automation solutions.

Proliferating regulatory activity and the demands of investors are generating greater pressure on businesses of all types to improve their GRC practices. As the steward of enterprise information, IT organizations are especially subject to these pressures, and bear a disproportionate level of cost, effort and risk in responding to these mandates.

As a leading provider of IT controls technology, CA is uniquely able to help customers cope with these growing GRC pressures. CA will continue to build on its GRC strategy—which has attracted strong support from leading consultancies and practitioners—over the coming year.

“Leveraging technology to support the integration of governance, risk and compliance across the enterprise can help an organization create and sustain an effective compliance program,” said Andrew Toner, partner, PricewaterhouseCoopers. “Organizations face increasing challenges today as they react to the rapid pace of change in the global market and the demand for increased transparency and accountability. Together, PwC and CA can help organizations combine business process improvements with technology solutions to more effectively and efficiently address enterprise governance, risk and compliance requirements.”

CA GRC Manager

Unlike IT GRC solutions that offer tabular, report-based policy management, SOX compliance or risk assessment tools, CA GRC Manager is the industry’s only visual portfolio-based solution. This helps companies effectively organize and prioritize how they will stay in compliance and be under acceptable risk thresholds for the least amount of labor. The concept of a portfolio view is analogous to financial portfolio management, where a portfolio enables measurement and objective evaluation of investment scenarios. With CA GRC Manager, the IT risk portfolio is modeled to fit the desired risk posture of the organization. CA GRC Manager is also the only IT GRC solution that includes rich project management capabilities to ensure that optimal remediation plans are produced, communication barriers are eliminated and IT compliance projects are executed effectively.

“To fulfill their continually escalating GRC requirements, IT organizations need to adopt a portfolio-based approach that is cohesive, highly disciplined, and well-automated,” said Jacob Lamm, executive vice president and general manager at CA. “By providing a powerful technology foundation for implementing such an approach, CA is enabling customers to successfully cope with regulatory pressures while controlling costs.”

CA GRC Manager also enables customers to map their diverse IT risks and controls to specific legislative mandates, industry regulations, and corporate policies. This cross-referencing helps eliminate the organizational “silos” that commonly lead to redundancies, inconsistencies, and gaps in IT GRC. And, with a global repository of IT risks and control information, CA GRC Manager replaces the unsustainable mix of multiple systems and ad-hoc spreadsheets, charts and documents used to handle IT risk and controls in many organizations today.

“Every organization knows that it has serious GRC issues, but no organization has unlimited resources to devote to those issues,” said Richard Ptak, Managing Partner, Ptak, Noel & Associates. “The tools that CA is providing to help managers maintain alignment between resource allocation and business risk are therefore extremely crucial to the success of its customers’ GRC initiatives.”

CA GRC Manager also includes the Unified Compliance Framework, which maps an “out-of-the-box” set of more than 4,000 control objectives to 280 standards and regulations such as COBIT, COSO, NIST, ISO17799:2005, SOX, HIPAA, PCI and NERC. It is fully configurable and extensible to other GRC libraries. This combination of packaged functionality, configurability and extensibility accelerates the creation, approval, and maintenance of GRC policy-and-procedure documents and helps organization correlate their policies to ongoing changes in regulatory requirements.

“CA gave us a central, authoritative system for our total IT GRC program,” said Karen Wiltgen, director of IT governance and compliance at Manpower,a global leader in the employment services industry company. “Its role-based dashboards are particularly useful for monitoring IT risk and ensuring our ability to rapidly remediate issues as they arise.”

IT Control Automation Solutions

CA’s portfolio for IT GRC is further supported by a broad range of IT Capability Solutions that automate IT controls for security, information, and change:

* Security controls safeguard IT resources and data through a combination of Identity and Access Management, Security Information Management, and Threat Management
* Information controls safeguard the integrity of information assets and ensure their availability, even in the event of catastrophe, through a combination of Records Management and Recovery Management
* Change controls safeguard IT services from being compromised due its own ongoing development and infrastructure management activities through a combination of Change and Configuration Management.

CA has already demonstrated industry leadership in all of these areas. The company’s upcoming Identity and Access Management (IAM) r12 solution, for example, will provide enhanced compliance reporting for improved visibility into IT controls and easier compliance with relevant mandates across distributed and mainframe platforms, as well as improving security for service oriented architecture (SOA)—important considerations in any long-term IT GRC strategy.

In conjunction with this announcement, CA is introducing the beta release of CA Security Vulnerability Manager (CA SVM). CA SVM helps organizations measure compliance and manage risk by identifying vulnerabilities in software and configuration settings, linking them to critical business assets and facilitating remedial action.

CA customers seeking to leverage the expertise of experienced IT GRC professionals to more rapidly achieve IT GRC excellence can work with CA Services, as well as select CA partners.

Pricing and Availability

CA GRC Manager is available on a per-user basis.