Governance, Risk & Compliance48Governance, Risk and Compliance (GRC) Platforms are software for automating the performance and security risk management, and compliance auditing policies inherent in IT asset management.Forcepoint Data Loss Prevention1 Archer3 Credit4 PolicyHub5 Sense Platform7 Audit Management9 Policy Compliance (PC)11 Governance, Risk, and Compliance13 GRC14 Control Compliance Suite15 KCM GRC Platform17 Universal Consent Platform18 GRC19 by Galvanize20 Reuters Accelus23 M724 OpenPages25

Governance, Risk & Compliance Platforms

Governance, Risk & Compliance (GRC) Software Overview

What is Governance, Risk & Compliance (GRC) Software?

Governance, Risk & Compliance software is used by publicly traded companies to control the accessibility of data and manage IT operations that are subject to regulation. An organization needs GRC to:

  • Align IT strategy across the company and eliminate silos operating independently

  • Accomplish goals while streamlining risk profile and protecting value

  • Minimize online threats, detect fraud, and catch errors

  • Ensure staff and company compliance to governmental regulations, such as SOX, export and customs laws, data privacy laws, hazardous materials requirements, and more


The core concept behind IT governance is making sure that organizations align business strategy with IT strategy. This means that the goal of IT governance is ultimately to ensure that the processes governing evaluation, selection, prioritization, and funding of competing IT investments are driven by the overall business.

There are two distinct phases of IT governance: the first is determining what the IT organization works on, and this is driven by the business. The second is determining how the IT organization supports the business goals of the organization, which is a CIO responsibility.

An IT governance framework puts mechanisms in place to measure how the IT department is functioning overall, what are the key management metrics, and what return IT is giving back to the business from the investment it’s making.

Risk & Compliance

IT governance is usually accompanied by processes to manage risk across the enterprise and also to ensure compliance with multiple regulations. Some financial and publicly traded companies are required by federal statute to complete elements of enterprise risk management (ERM). In addition, a company’s ERM score will impact their S&P credit rating.

It can be challenging to determine all the governmental regulations a company must follow, especially if you operate in multiple countries. Compliance software can help navigate the numerous governmental regulations, such as Basel II, SOX, customs and export laws, and additional financial reporting, data privacy, and industry regulations.

Risk & Compliance software modules within GRC platforms improve visibility to company wide risk, improve employee efficiency by automating controls and streamlining testing, implement necessary paperwork and controls to ensure compliance, and reduce the time to audit.

Governance Risk & Compliance Features and Capabilities

  • Policy management

  • Risk management and mitigation

  • Automated compliance management

  • Document and information management, including version control, audit trail and archiving

  • Training record manager

  • Audits and inspection management

  • Incident management, including root cause analysis and corrective action (CAPA) tools

  • Third party/supplier risk management

  • Access and privilege control

  • Ongoing monitoring of business processes

  • Reporting tools

Pricing Information

Vendors do not provide prices on their websites as the cost of a solution depends on many different variables, including the number of businesses processes that will be managed, number of modules implemented, number of administrators and users, and if the software is subscription based or locally installed. However, online users estimate the cost of implementing a GRC solution to be between $10,000 and $600,000.

Governance, Risk & Compliance Products

Listings (1-25 of 98)

Forcepoint Data Loss Prevention

<a href='' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
42 Ratings

Forcepoint DLP promises to address human-centric risk by providing visibility and control everywhere your people work and everywhere your data resides. Security teams apply user-risk scoring to focus on the events that matter most and to accelerate compliance with global data regulations. The vendo…

17 Ratings

Many organizations that use Office 365 are exposed to security risks that they are unaware of. As they extend SharePoint to meet their business needs, they build applications using technologies that range from end-user Microsoft Flow to developer-focused SharePoint Framework. Unfortunately, all of t…

10 Ratings

D&B Credit is a global, cloud-based risk management solution fueled by Dun & Bradstreet’s industry-leading data and analytics. With powerful portfolio segmentation tools, configurable alert monitoring, and easy-to-read digital credit reports, finance and credit professionals can work more ef…

13 Ratings

Wdesk from Workiva is a cloud platform designed to provide collaboration, data integration, and an audit trail. Wdesk helps mitigate risk, and improves productivity

SEON Technologies provides a platform designed to help online businesses reduce the costs, time, and challenges faced due to fraud. The vendor says their platform can help global financial companies as well as small eCommerce organizations simplify fraud management so they can focus on what matters:…

16 Ratings

MEGA International headquartered in France offers enterprise architecture management and modeling software, and a governance, risk management, and compliance (GRC) platform.

SAP Audit Management streamlines internal audit activities with mobile capabilities. The product enables documentation of evidence, organization of work papers, and creation of audit reports. It can be deployed on premises or in the cloud.

6 Ratings

BWise is an Governance, Risk Management, and Compliance (GRC) platform formerly owned and supported by Nasdaq, acquired by SAI Global in April 2019.

1 Ratings

Riskonnect is an Integrated Risk Management platform. Riskonnect products are all connected, allowing users to navigate to review, analyze, and report from a single interface.

Crownpeak, headquartered in Denver, offers their Consent suite of products, applications designed to support brands in maintaining compliance with local and global privacy laws (e.g. GDPR). The platform features easy opt-in and opt-out, notice and consent gateways, customizable banners, and more.

2 Ratings

PolicyManager is a web-based enterprise policy and procedure management platform designed for healthcare. The platform allows hospitals and integrated healthcare delivery networks to streamline, consolidate, standardize and centralize all policies in one electronic repository. According to the vendo…

4 Ratings

SAI360 (formerly Compliance 360) is offered as a cloud-first EHS and GRC platform offered by SAI Global headquartered in Sydney, Australia. SAI Global acquired Compliance 360 in 2012.

The MetricStream GRC Platform M7, from MetricStream in Palo Alto, California is a Governance, Risk Management, and Compliance (GRC) platform supplying a technology infrastructure for deploying GRC apps configurable to meet the needs of the enterprise.