System Center: Produce the following reports using System Center Service Manager:
Material Weakness Report
Assurance Strategy Report by IT Assets
Assurance Strategy Report by Organizational Function
Risk Management Activities Report
Control Decisions Report
Implemented Controls Report
Control Implementation Percentage Report
Control Implementation by Management Percentage Report
Information Security Risk Report
External Requirements Assurance Report
Home<ObjectTemplate ID="SYSCTR_MCA_00010" TypeID="GRCControl!System.Compliance.ManualControlActivityProjection">
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalName$">$MPElement[Name='GRC!System.Compliance.SourceNameEnum.MicrosoftCorporation']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalId$">SYSCTR_MCA_00010</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalVersion$">1</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Type$">$MPElement[Name='GRCControl!System.Compliance.ControlActivity.TypeEnum.Preventive']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Title$">Produce Compliance Reports</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/DisplayName$">SYSCTR_MCA_00010 Produce Compliance Reports</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Description$">System Center: Produce the following reports using System Center Service Manager:
Material Weakness Report
Assurance Strategy Report by IT Assets
Assurance Strategy Report by Organizational Function
Risk Management Activities Report
Control Decisions Report
Implemented Controls Report
Control Implementation Percentage Report
Control Implementation by Management Percentage Report
Information Security Risk Report
External Requirements Assurance Report</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ImplementationMethod$">Use System Center Service Manager to generate and export the required reports.
1. Select Reporting from the Service Manager Console navigation pane.
2. Select the report type from the Reports\GRC Reports Library folder.
3. In the Tasks pane, click Run Report.
4. From the Report Form toolbar, click the Export icon and select the appropriate file format for the exported report.
5. Browse to the directory your organization uses to store reports.
6. Edit the file name according to the report naming convention used by your organization.
7. Click Save, then close the report form.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/AdditionalGuidance$">For more information, see:
www.microsoft.com/systemcenter/en/us/service-manager.aspx</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestSummary$">Manual Assertion
Manually assert whether this procedure has been performed for all assets within the GRC program scope.
Manual assertions should be recorded at a frequency that is commensurate with audit sample sizes and frequencies, which can vary according to GRC authority document requirements and your organization's audit schedule. Determine what personnel will make the manual assertion by asking the GRC program manager. Typically, this assertion will be made by an analyst who observes an IT professional that enacts the process.
Record the compliance state as an assertion within the GRC program with one of the following states: compliant, noncompliant, error, or unknown.
Manual Assertion Steps:
1. Open the Service Manager Console.
2. Click the Compliance and Risk Items Workspace.
3. Expand the Control Management folder, then the Control Activities folders and select the All Control Activities View.
4. In the Control Activities View, select control activities that you want to add a result to and in the Task pane select Edit Control Activity. Service Manager Console launches the Control Activity form with the selected control activity.
5. In the Control Activity form, in the Task pane, select the Add Result Console task. Service Manager Console launches the Select Template dialog.
6. Select one of the templates for the results (Compliant, Non-Compliant, Unknown or Error), which opens the Result form with the result set to the control activity template name (for example, Compliant means Result = Compliant, and so on). The Owner field is populated with the current user name.
7. Select one of the programs from the Program section before Results (OK button is enabled).
8. Save the results by clicking OK in the dialog. Service Manager Console creates a Number of Managed Entity Results per Configuration Item in Scope for the selected programs. Service Manager Console closes the Add Result dialog. Service Manager Console creates a relationship between the control activity and Managed Entity Result in the CMDB. The Control Activity form remains open and displays the updated control activity in the form.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestId$">N/A</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestName$">N/A</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/SupportedControlObjectives$">GRC_MCO_00032</Property>
</ObjectTemplate>