State

West Virginia launches new IT risk and compliance platform

West Virginia announced it will use tools from the Canadian software firm Galvanize to automate processes around IT risk management and compliance.

By Ryan Johnston

February 2, 2021

West Virginia CIO Joshua Spence (Scoop News Group)

West Virginia announced on Tuesday it will use new software to track risk and compliance within the state’s IT systems, lowering the cost of monitoring the state’s digital applications and 90,000 employees.

The state’s Office of Technology has selected the Canadian software firm Galvanize and announced plans to use its governance-risk-compliance, or GRC, platform. West Virginia says it currently uses disparate solutions to monitor the risk and compliance of its IT systems, relying on manual processes and inefficient systems to ensure that the state’s digital tools are legal and secure.

Through the new platform, the state says virtually all of its IT compliance and risk analysis information will be available in one place for technology officials to review.

“With the centralization of many IT departments, they’re looking for tools that can help them keep track of compliance across the state, especially IT risk,” John Norris, Galvanize’s public sector head of sales, told StateScoop. “There’s hundreds and thousands of different tools and applications going on in state government, and without appropriate tools to capture this information, it’s difficult to understand the risks you’re facing and act accordingly.”

Through Galvanize, which claims more than 500 state and regional government agencies in the U.S., West Virginia will initially focus on implementing the company’s IT risk management service, ITRMBond, which automates the data analysis involved in measuring IT risk, to see IT issues before they happen. If a problem does occur, Norris said, the state can use IncidentBond, a program that automates post-incident workflow and analysis.

Such automation, he said, is a massive step up for government agencies that may have only manually tracked IT risk and compliance.

“These tools are handy and useful at very early stages when you’re trying to build out frameworks and how you want to think about these problems, but as you scale and try to build programs to effectively manage it, you quickly outgrow tools like Excel and Word,” Norris said.