Q1: What server and desktop platforms does the FulcrumWay GRC Monitor support?
GRC Monitor works on ‘SaaS – Software as a Service’ platform. The software can be accessed via a web browser such as Microsoft Internet Explorer (6.0 or above) or Firefox.
Q2: Is there integration between GRC Monitor and Oracle? If so, using what method?
Yes - GRC Monitor provides a seamless integration with your Oracle E-business suite instance. FulcrumWay GRC Monitor provides SQL scripts to extract ERP data. This data is uploaded directly into GRC Monitor using FTP, over a secure connection protected by VeriSign.
Q3: What is the required and recommended hardware to support GRC Monitor?
No new hardware is required to support the system. This is a hosted solution.
Q4: Is any new software required to support GRC Monitor?
No new software is required to support the system. This is a hosted solution.
Q5: What programming language is GRC Monitor written in?
GRC Monitor software is written using Java, JSP, XML, Oracle and PL-SQL.
Q6: What operating system does GRC Monitor run on?
GRC Monitor is a ‘SaaS – Software as A Service’ platform that runs on a LINUX operating system. The software is accessed via any web browser such as Internet Explorer (6.0 or above) or Firefox.
Q7: When was GRC Monitor introduced to the general marketplace?
FulcrumWay commercially released GRC Monitor in 2005.
Q8: Since GRC Monitor was first introduced, how many upgrades, releases, or patch sets have occurred?
After the beta version, there have been 4 major releases. About 15 major patch sets have been released since the beta version.
Q9: Approximately how often are upgrades, releases, or patch sets issued?
Major functional enhancements are deployed on a semi-annual basis. In the past, we have released one major product version a year.
Patch sets, which typically include bug fixes and minor enhancements, are released quarterly. Additional patch sets are issued on an as-needed basis.
Q10: What is the hardware and software lifecycle that describes the vision for your company’s software?
Hardware: We continually monitor our hardware for performance, scalability and storage. Hardware changes including memory increase, storage space optimization and server architecture review are done in conjunction with the semi-annual release cycle. Our system maintenance activities are performed on Sundays from 12 AM PST to 3 AM PST.
Software: FulcrumWay GRC Monitor addresses Segregation of Duties (SOD) remediation using the Access controls module. In addition, there are control modules for Configuration Monitoring, Transaction Monitoring and User Access Provisioning. These modules can be enabled based on client requirements.
Q11: Which business requirements are addressed by GRC Monitor?
• Access Controls – Segregation of Duties
• Configuration Controls Monitoring
• Transaction Controls Monitoring
• GRC Financial Close Process – Automating the various steps in the close process
• GRC Surveys – Used to perform internal surveys that assess risks in control effectiveness and risk assessment processes
• GRC Process Manager – Business Process, Risk Controls Monitoring documentation & Certification
• GRC Financial Risk Assessment - Top-down risk assessment (AS5)
Q12: How does GRC Monitor handle different levels of responsibility and security access to data and functionality?
FulcrumWay GRC Monitor supports secure access to data based on roles and privileges. Some of the ‘out of the box’ roles include:
• GRC Monitor Administrator – Access to setup roles and privileges with other administrative privileges
• GRC SOD User – Access to loading data, reviewing SOD rules, executing access tests and managing violations
• GRC SOD Reports – Access to viewing SOD roles and to reviewing analytics and reporting functions
• External (if required) – Access to viewing the violation reports and reviewing roles.
Q13: Does GRC Monitor address the requirements of particular industries?
Since 2003, FulcrumWay have successfully completed our GRC solutions at over 100 Fortune-500 and Middle Market companies across all major industries. Our highly experienced and qualified professional advisors guide organizations based on their deep knowledge of governance, risk and compliance best practices, templates and tools.
Q14: Can you describe your involvement in your user community?
Our user group is known as “FulcrumWay Insight” and our meetings are held at the annual conferences of the Oracle Applications User Group (OAUG). Two FulcrumWay managers sit on the board of the Oracle GRC Special Interest Group (SIG).
We sponsor two annual FulcrumWay user group meetings. One at the conference of the Oracle Applications User Group (OAUG) each Spring and another at Oracle Open World in the Fall.
Q15: Can you describe the source of the Segregation of Duties (SOD) rules that are incorporated into GRC Monitor?
FulcrumWay's SOD rules were built based on best practices in the industry and our extensive customer experience in the GRC space. These rules have been reviewed by many leading audit firms including Deloitte, PWC, E&Y and KPMG during our client audit review process. They are included ‘out of the box’ as part of GRC Monitor.
Q16: Where is FulcrumWay’s data center located?
FulcrumWay has two data centers located in Dallas and Houston, respectively.
Q17: What happens in the event of an outage?
Email notifications are sent to a designated distribution list whenever there is a systems outage, maintenance or upgrade. Client system administrators will be notified via this email distribution list. Our system maintenance activities are performed on Sundays from 12 AM Pacific Time to 3 AM Pacific Time.
Q18: How is data transferred in and out of GRC Monitor?
FulcrumWay GRC Monitor provides SQL scripts to extract ERP data. This data is uploaded directly into GRC Monitor using File Transfer Protocol (FTP), over a secure connection protected by VeriSign.
Q19: What are your hours of technical support?
FulcrumWay provides technical support on 24 X 7 basis, 365 days a year.