Governance, Risk & Compliance software is used by publicly traded companies to control the accessibility of data and manage IT operations that are subject to regulation. An organization needs GRC to:
Align IT strategy across the company and eliminate silos operating independently
Accomplish goals while streamlining risk profile and protecting value
Minimize online threats, detect fraud, and catch errors
Ensure staff and company compliance to governmental regulations, such as SOX, export and customs laws, data privacy laws, hazardous materials requirements, and more
The core concept behind IT governance is making sure that organizations align business strategy with IT strategy. This means that the goal of IT governance is ultimately to ensure that the processes governing evaluation, selection, prioritization, and funding of competing IT investments are driven by the overall business.
There are two distinct phases of IT governance: the first is determining what the IT organization works on, and this is driven by the business. The second is determining how the IT organization supports the business goals of the organization, which is a CIO responsibility.
An IT governance framework puts mechanisms in place to measure how the IT department is functioning overall, what are the key management metrics, and what return IT is giving back to the business from the investment it’s making.
IT governance is usually accompanied by processes to manage risk across the enterprise and also to ensure compliance with multiple regulations. Some financial and publicly traded companies are required by federal statute to complete elements of enterprise risk management (ERM). In addition, a company’s ERM score will impact their S&P credit rating.
It can be challenging to determine all the governmental regulations a company must follow, especially if you operate in multiple countries. Compliance software can help navigate the numerous governmental regulations, such as Basel II, SOX, customs and export laws, and additional financial reporting, data privacy, and industry regulations.
Risk & Compliance software modules within GRC platforms improve visibility to company wide risk, improve employee efficiency by automating controls and streamlining testing, implement necessary paperwork and controls to ensure compliance, and reduce the time to audit.
Policy management
Risk management and mitigation
Automated compliance management
Document and information management, including version control, audit trail and archiving
Training record manager
Audits and inspection management
Incident management, including root cause analysis and corrective action (CAPA) tools
Third party/supplier risk management
Access and privilege control
Ongoing monitoring of business processes
Reporting tools
Workforce mobility and the rise of cloud services is an essential part of any business, but it creates a number of challenges for IT. Data spread across devices and cloud services, unpredictable schedules, and varied network connections all complicate efforts to protect and govern enterprise info...
Forcepoint DLP promises to address human-centric risk by providing visibility and control everywhere your people work and everywhere your data resides. Security teams apply user-risk scoring to focus on the events that matter most and to accelerate compliance with global data regulations. The ve...
Many organizations that use Office 365 are exposed to security risks that they are unaware of. As they extend SharePoint to meet their business needs, they build applications using technologies that range from end-user Microsoft Flow to developer-focused SharePoint Framework. Unfortunately, all o...
RSA Archer, from the security, governance, and risk division of RSA Security is an integrated risk management / GRC platform.
D&B Credit is a global, cloud-based risk management solution fueled by Dun & Bradstreet’s industry-leading data and analytics. With powerful portfolio segmentation tools, configurable alert monitoring, and easy-to-read digital credit reports, finance and credit professionals can work more...
Mitratech PolicyHub is a policy management solution designed to create, update, approve and communicate policies to automated knowledge assessments, audit and reporting,
Wdesk from Workiva is a cloud platform designed to provide collaboration, data integration, and an audit trail. Wdesk helps mitigate risk, and improves productivity
SEON Technologies provides a platform designed to help online businesses reduce the costs, time, and challenges faced due to fraud. The vendor says their platform can help global financial companies as well as small eCommerce organizations simplify fraud management so they can focus on what matte...
MEGA International headquartered in France offers enterprise architecture management and modeling software, and a governance, risk management, and compliance (GRC) platform.
Qualys Policy Compliance (PC) from Qualys in Redwood City, California is a Governance, Risk Management, and Compliance (GRC) Platform.
ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks.
BWise is an Governance, Risk Management, and Compliance (GRC) platform formerly owned and supported by Nasdaq, acquired by SAI Global in April 2019.
SAP Audit Management streamlines internal audit activities with mobile capabilities. The product enables documentation of evidence, organization of work papers, and creation of audit reports. It can be deployed on premises or in the cloud.
The Symantec Control Compliance Suite is a Governance, Risk Management, and Compliance (GRC) Platform.
Riskonnect is an Integrated Risk Management platform. Riskonnect products are all connected, allowing users to navigate to review, analyze, and report from a single interface.
Crownpeak, headquartered in Denver, offers their Consent suite of products, applications designed to support brands in maintaining compliance with local and global privacy laws (e.g. GDPR). The platform features easy opt-in and opt-out, notice and consent gateways, customizable banners, and more.
PolicyManager is a web-based enterprise policy and procedure management platform designed for healthcare. The platform allows hospitals and integrated healthcare delivery networks to streamline, consolidate, standardize and centralize all policies in one electronic repository. According to the ve...
SAP's BusinessObjects GRC is a governance, risk management, and compliance platform.
HighBond is a Governance, Risk Management, and Compliance Platform from Galvanize, the company formed from the merger of Rsam and ACL Services, headquartered in Vancouver.
SAI360 (formerly Compliance 360) is offered as a cloud-first EHS and GRC platform offered by SAI Global headquartered in Sydney, Australia. SAI Global acquired Compliance 360 in 2012.
The MetricStream GRC Platform M7, from MetricStream in Palo Alto, California is a Governance, Risk Management, and Compliance (GRC) platform supplying a technology infrastructure for deploying GRC apps configurable to meet the needs of the enterprise.
IBM OpenPages is a governance, risk management, and compliance (GRC) platform.
TruComply is a Governance, Risk Management, and Compliance (GRC) platform developed by ANX and supported by OpenText since the company acquired ANX in 2016.
Global company ControlCase headquartered in McLean, Virginia offers a Governance, Risk Management, and Compliance (GRC) Platform.
