SAP and Cisco today announced a partnership to integrate the SAP NetWeaver platform with Cisco's services-enabled...
SAP will also launch three new applications that address governance, risk and compliance -- the SAP GRC Repository, SAP GRC Process Control, and SAP GRC Risk Management.
The joint marketing agreement with Cisco addresses access and identity management between an SAP customer's applications and its Cisco network architecture. Cisco embeds Web services in its networking software to address application-oriented networking, unified communications, security, mobility and identity services.
The Cisco networking software is integrated with SAP's GRC applications through NetWeaver to provide security alerts to managers by tying together the SAP applications with Cisco networking hardware.
The GRC Repository and the GRC Process Control applications are a result of SAP's recent acquisition of Virsa Systems Inc. and are aimed at SAP's large and midsized customers and their partners, according to Doug Merritt, executive vice president and general manager of suite optimization at SAP.
"It's a set of solutions that impact not just the larger set of organizations but across the supply chains to even the smallest participants across the business ecosystem," Merritt said.
The GRC repository centralizes company data, including corporate policies, board of director minutes, regulations, compliance and control frameworks. The repository will also enable customers to link to multiple compliance control frameworks to address international regulations.
"We have already drawn out responses," Merritt said, "so organizations don't get caught without adequate preparedness."
The SAP GRC Process Control application automatically aggregates business process risks for the entire enterprise, provides supporting evidence of compliance, and pinpoints control violations. The software includes role-based dashboards that will integrate automated control monitoring for SAP and non-SAP applications.
A new application developed by SAP -- SAP GRC Risk Management -- will act as a tool for customers to analyze business risks across organizational entities, business processes and IT infrastructure. SAP designed an interface to guide professional risk managers and business owners in identifying and responding to financial, legal and operational risks.
SAP said general availability for SAP GRC Repository and SAP GRC Process Control will be Nov. 30, 2006. SAP GRC Risk Management will ship in December, 2006.
In the past, SAP has been very prescriptive about how GRC gets done, according to John Hagerty, vice president and research fellow at Boston-based AMR Research Inc. SAP took a broad approach to compliance within its applications and relied on best-of-breed vendors to fill gaps, Hagerty said.
"[The new applications] give SAP customers and prospects another level of strategic management to the business," Hagerty said. "But customers are not going to be forced to adopt it. They can adopt it when they're ready to adopt it."
SAP is capitalizing on a boom in the compliance market, where analyst firms predict spending will continue to climb. The software vendor acquired Virsa in April and, at the Sapphire user conference in May, announced a new business unit that addresses governance, risk and compliance.
"We're accelerating our planned integration of the Virsa-acquired products together with the SAP set of assets," said Shai Agassi, president of SAP's Product and Technology Group. "We said we would take 12 months to get a common framework together and we're here five months later with an integrated set of products."
SAP is not the first to address risk in its compliance portfolio, Hagerty said. Some best-of-breed compliance vendors, including Waltham, Mass.-based Open Pages, have been broadening offerings to include risk management.
"What SAP has going for it is that SAP addresses different compliance programs by industry," Hagerty said. "Among business managers, there's a lot more interest in the role of risk management across the business."