5 Ticketing Systems for GRC and 3 Reasons They Matter

Published April 17, 2017

Choosing to automate the GRC process comes with the additional benefit of being able to automate activities through a ticketing process. While many GRC tools have their own ticketing systems, understanding how systems integrate across the entire organization can help you decide whether to use the built-in system or invest in something that plays well with other corporate initiatives.

How do ticketing systems help with GRC?

Ticketing systems are automated to-do lists. Because automation helps break down information silos, a ticketing platform that also works with the company's other information systems keeps new system silos from forming. The GRC process involves many different stakeholders, so sharing to-do lists across those areas in order to define roles matters. The right ticketing system can do this.

According to Foley, Chamberlain, Rolsky, Spier, and Vincent, ticketing systems can maximize efficiency:

If you are using an effective ticketing system, you can easily find helpful information like the number of outstanding tasks, the status of all the submitted work this week, who is not overloaded, and who has more work than they can reasonably handle. You can locate essential tasks that are still open, and assign the merely nice-to-have tasks to the back-burner by simply changing the status of a ticket on a web page.

Members of your team can cross-assign tasks to other members when they’re overworked, or find another team member who is more of an expert on a particular task. They can assign the expert to the ticket as an interested party or may even transfer ownership altogether.

This kind of system ensures high visibility. The entire team will always know the overall state of the tasks at hand—what needs doing and who should be doing it.

Ticketing systems streamline communication about responsibility for GRC tasks in the same way that the platform provides streamlined access to the information. This overlap enhances the organization’s use of the GRC tools.

What is the difference between ticketing systems and GRC automation?

GRC automation focuses on creating an electronic warehouse for all your compliance information. When thinking about the GRC environment, automation allows for an efficient solution to information storage and gathering.

Neil Roiter at CSOOnline writes:

They [GRC tools] automate information gathering.

Questionnaires can be distributed through the IT GRC tool interface or a Web portal and collated and correlated automatically, without swapping e-mails and spreadsheets.

Existing spreadsheets and policy documents can be ported to the automated tool. In addition, these tools will automatically collect data from IT and security systems. They automate assessment and remediation of technical controls.

Based on data gathered from people and other systems, GRC tools reduce the time and resources that must be devoted to identifying compliance gaps and managing remediation, and they improve the accuracy of assessments.

Automating the information repository and the ability to share across departments helps stakeholder communication. It does not, however, remind those stakeholders to engage in the process of putting the information together. That is the role of the ticketing process.

Traditionally, people think about ticketing in terms of IT services. A call comes into the IT help desk, the desk does triage to determine the priority of the problem, and then the ticket moves through the various stages of getting fixed.

In the case of GRC, the ticketing process creates a workflow specifically around the review of policies and processes. In order to ensure that all stakeholders are appropriately engaged, you can use the ticketing process to tag people involved and assign them specific tasks. As the tasks are completed, the review process moves forward. In the event that someone is not doing their job, the ticket stops moving forward. Ticketing, therefore, allows you to hold stakeholders accountable.

What makes a good ticketing system process for GRC?

The most important question for instituting a ticketing process should be how to maximize efficiency. Efficiency comes from complete integration. Integration occurs when systems work well together. Before looking at the ticketing solution’s capabilities, look to whether it will integrate cleanly with your current systems. If you think about the employees involved in your compliance environment as “customers,” the idea of CRM can apply to the determinations you make. In much the same way that a company would want to integrate ticketing software and CRM, you want to think about how to integrate ticketing software and your GRC tool.

The integration of ticketing and GRC will look very similar to the integration of ticketing and CRM. Synchronization matters to both because unless all of your systems share data correctly, the ticketing process will not be effective. This means that you need to start with the system’s ability to synchronize with your GRC tool. Below is how Agile CRM describes the importance of CRM and ticketing synchronization:

Seamless Synchronization of the Systems

You have the tasks that need to be automated and the widgets you need to automate this process, now look at how you can integrate it. Both the systems need to be synced in the most seamless way possible so that if any customer raises a ticket in the system, there needs to be an alert in your CRM. It should be able to:

  • Import all the contacts from the help desk in your CRM to have data under one platform.
  • Sync customer data and tickets with your CRM contacts’ data for single and better view of contacts’ data.
  • Connect with sales and ticket data to ensure that sales team can view, create and update tickets that are familiar to the team.
  • Share customer data such as user profiles, customer account size and more, or data that is relevant to the issue or ticket.
  • Provide business insights through synced data to improve workflow efficiency and customer queries.

Assuming that the corporate stakeholders taking care of compliance are your IT department’s “customers,” the above remains true for GRC and ticketing integration. Instead of importing customer contacts, you want to import supervisory roles. Syncing that data with your tickets will give you a better sense of who engages in what review. Instead of connecting sales with ticket data, you will be connecting managers with ticket data so that they know which employee engages in which compliance role. Consolidating user data to ensure that staff, managers, and senior managers are aware of everyone’s role is similar to sharing customer user information. Therefore, whether you’re looking at CRM or GRC, synchronization of systems through ticketing software creates an efficient solution to tracking information between systems.

What are the 5 easy-to-use ticketing systems that may help GRC automation?

When determining whether a ticketing system is the best fit for your organization, some important factors might be user reviews on sites such as Capterra, integration with your configuration management database, integration with your directory service, an easy-to-use API, and integration with your chosen or existing GRC tool.

Five ticketing systems that appear to meet many of the above requirements are:

JIRA

One of the leading ticketing software companies, JIRA provides more than just bug and issue tracking. Their agile reporting allows teams to have out-of-the-box reports. With more than 1,000 plug-and-play add-ons and rich APIs, JIRA provides everything you need to be up and running with an easy-to-integrate ticketing system. JIRA’s flexibility gives you the opportunity to incorporate it across several different areas making it a good one-stop shopping experience.

Freshdesk

Freshdesk provides several easy-to-use apps that are tied to Google Apps. For companies that incorporate the Google environment, this is a great product. In addition, Freshdesk supports custom requirements through its RESTful API, allowing easy creation of triggers specific to the organization. This can help ease the integration of GRC tools with the ticketing system.

UserVoice

UserVoice focuses on communication with users. Originally for customer communication for software updates, this software traditionally organizes product feedback in beta phases. UserVoice works as a tool for data-driven product decisions. However, it provides direct channels between different stakeholders within and outside the organization. If you can configure it for your GRC tool, it can be a powerful asset.

ManageEngine

ManageEngine offers the option to define roles with selective privileges and lets an organization delegate users to these roles. This makes defining roles within the GRC environment easier for those trying to assign responsibilities. Most importantly, one of the roles that can be granted is that of Auditor. When looking at the ways that GRC automation allows for smoother audits, this role privilege adds value by streamlining the process.

Zendesk

Zendesk offers many advantages in terms of customization. The basic apps incorporate powerful add-ons. One of those add-ons within the customer support field would be workflow on tickets. Although traditionally used for business-to-customer help, Zendesk also incorporates JSON-based and REST APIs that break out of the boundaries of the traditional product. These can be used to build integrations that leverage tickets, users, organizations, knowledge base, and more, giving Zendesk the opportunity to be a power partner for a GRC tool.
