We're currently in testing to move to San Diego, but not quite there yet.

We have an initiative where we're attempting to track contracted performance standards and map them back to the business applications which are needed to deliver on those standards. We have multiple contracts, each with different sets of performance standards. The production standards would be things like "Process X% of transactions within Y time period" or "Respond to X% of inquiries within Y days." I've been steered toward the GRC module as a possible mechanism in which to try an put this mapping together, but my experience with GRC is limited to a couple of sessions at the Connect conference 3 years ago.

I would think the Contract would be analogous to a Policy (set of objectives we need to meet), and the specific contractual standards would be Controls, and the Control Objectives would then point toward the business application that needs to be available to execute on the Controls/standards.

Is it possible to eventually link a GRC Control Objective back to a CMDB Business Application CI?