Governance, Risk & Compliance48Governance, Risk and Compliance (GRC) Platforms are software for automating the performance and security risk management, and compliance auditing policies inherent in IT asset management.Druva inSync1 Data Loss Prevention2 Archer4 Credit5 PolicyHub6 Sense Platform8 Policy Compliance (PC)10 Governance, Risk, and Compliance11 Audit Management13 Control Compliance Suite15 Universal Consent Platform17 GRC19 by Galvanize20 (formerly Compliance 360)21 M722 OpenPages23 TruComply24 GRC25

Governance, Risk & Compliance Platforms

Governance, Risk & Compliance (GRC) Software Overview

What is Governance, Risk & Compliance (GRC) Software?

Governance, Risk & Compliance software is used by publicly traded companies to control the accessibility of data and manage IT operations that are subject to regulation. An organization needs GRC to:

  • Align IT strategy across the company and eliminate silos operating independently

  • Accomplish goals while streamlining risk profile and protecting value

  • Minimize online threats, detect fraud, and catch errors

  • Ensure staff and company compliance to governmental regulations, such as SOX, export and customs laws, data privacy laws, hazardous materials requirements, and more


The core concept behind IT governance is making sure that organizations align business strategy with IT strategy. This means that the goal of IT governance is ultimately to ensure that the processes governing evaluation, selection, prioritization, and funding of competing IT investments are driven by the overall business.

There are two distinct phases of IT governance: the first is determining what the IT organization works on, and this is driven by the business. The second is determining how the IT organization supports the business goals of the organization, which is a CIO responsibility.

An IT governance framework puts mechanisms in place to measure how the IT department is functioning overall, what are the key management metrics, and what return IT is giving back to the business from the investment it’s making.

Risk & Compliance

IT governance is usually accompanied by processes to manage risk across the enterprise and also to ensure compliance with multiple regulations. Some financial and publicly traded companies are required by federal statute to complete elements of enterprise risk management (ERM). In addition, a company’s ERM score will impact their S&P credit rating.

It can be challenging to determine all the governmental regulations a company must follow, especially if you operate in multiple countries. Compliance software can help navigate the numerous governmental regulations, such as Basel II, SOX, customs and export laws, and additional financial reporting, data privacy, and industry regulations.

Risk & Compliance software modules within GRC platforms improve visibility to company wide risk, improve employee efficiency by automating controls and streamlining testing, implement necessary paperwork and controls to ensure compliance, and reduce the time to audit.

Governance Risk & Compliance Features and Capabilities

  • Policy management

  • Risk management and mitigation

  • Automated compliance management

  • Document and information management, including version control, audit trail and archiving

  • Training record manager

  • Audits and inspection management

  • Incident management, including root cause analysis and corrective action (CAPA) tools

  • Third party/supplier risk management

  • Access and privilege control

  • Ongoing monitoring of business processes

  • Reporting tools

Pricing Information

Vendors do not provide prices on their websites as the cost of a solution depends on many different variables, including the number of businesses processes that will be managed, number of modules implemented, number of administrators and users, and if the software is subscription based or locally installed. However, online users estimate the cost of implementing a GRC solution to be between $10,000 and $600,000.

Governance, Risk & Compliance Products

Listings (1-25 of 99)

Druva inSync

<a href='' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
197 Ratings

Workforce mobility and the rise of cloud services is an essential part of any business, but it creates a number of challenges for IT. Data spread across devices and cloud services, unpredictable schedules, and varied network connections all complicate efforts to protect and govern enterprise info...

Forcepoint Data Loss Prevention

<a href='' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
40 Ratings

Forcepoint DLP promises to address human-centric risk by providing visibility and control everywhere your people work and everywhere your data resides. Security teams apply user-risk scoring to focus on the events that matter most and to accelerate compliance with global data regulations. The ve...

16 Ratings

Many organizations that use Office 365 are exposed to security risks that they are unaware of. As they extend SharePoint to meet their business needs, they build applications using technologies that range from end-user Microsoft Flow to developer-focused SharePoint Framework. Unfortunately, all o...

9 Ratings

D&B Credit is a global, cloud-based risk management solution fueled by Dun & Bradstreet’s industry-leading data and analytics. With powerful portfolio segmentation tools, configurable alert monitoring, and easy-to-read digital credit reports, finance and credit professionals can work more...

13 Ratings

Wdesk from Workiva is a cloud platform designed to provide collaboration, data integration, and an audit trail. Wdesk helps mitigate risk, and improves productivity

SEON Technologies provides a platform designed to help online businesses reduce the costs, time, and challenges faced due to fraud. The vendor says their platform can help global financial companies as well as small eCommerce organizations simplify fraud management so they can focus on what matte...

15 Ratings

MEGA International headquartered in France offers enterprise architecture management and modeling software, and a governance, risk management, and compliance (GRC) platform.

2 Ratings

PolicyManager is a web-based enterprise policy and procedure management platform designed for healthcare. The platform allows hospitals and integrated healthcare delivery networks to streamline, consolidate, standardize and centralize all policies in one electronic repository. According to the ve...

The MetricStream GRC Platform M7, from MetricStream in Palo Alto, California is a Governance, Risk Management, and Compliance (GRC) platform supplying a technology infrastructure for deploying GRC apps configurable to meet the needs of the enterprise.

We don't have enough ratings and reviews to provide an overall score.

TruComply is a Governance, Risk Management, and Compliance (GRC) platform developed by ANX and supported by OpenText since the company acquired ANX in 2016.

We don't have enough ratings and reviews to provide an overall score.

Global company ControlCase headquartered in McLean, Virginia offers a Governance, Risk Management, and Compliance (GRC) Platform.