One of the major challenges associated with any governance, risk management or compliance (GRC) project is not only gathering the data, but also dealing with all the formats in which that data is stored.
To help address this issue, Modulo, a provider of a GRC management platform, has launched an open source project called the Open Distributed SCAP Intelligent Collector for collecting data. The collector is a subset of the Security Content Automation Protocol (SCAP) format for exchanging security data that was developed by the National Institute of Standards and Technology, and Modulo is hoping that broad adoption of its collector technology will simplify the management of GRC, which in turn will spur increased adoption.
The Modulo collector technology is being made available as an open source project called modSIC, to which Modulo hopes vendors and customers alike will make ongoing contributions.
According to Jeff Kushner, director of marketing for Modulo, the modSIC project is designed to make GRC more "plug and play" in the hopes that by making it easier to collect data in a standard format, the complexity of GRC will drop dramatically.
There's no doubt that all things related to GRC are a necessary evil. But right now vendors seem more focused on creating proprietary silos of GRC information, and then they wonder why more organizations are not embracing GRC. There's a great need for a general simplification of GRC in the face of hundreds of regulations and compliance requirements. But until there is broad adoption of open formats for storing and collecting that information, GRC will remain more complex than it needs to be.