SAP Risk Management, SAP Process Control, RSA Archer, ServiceNow Governance, Risk, and Compliance, Wdesk, BusinessObjects GRC, SAS Governance and Compliance Manager (Enterprise GRC), Invantive Control for Excel, HighBond by Galvanize, and Mitratech PolicyHub.
Governance, Risk & Compliance software is used by publicly traded companies to control the accessibility of data and manage IT operations that are subject to regulation. An organization needs GRC to:
Align IT strategy across the company and eliminate silos operating independently
Accomplish goals while streamlining risk profile and protecting value
Minimize online threats, detect fraud, and catch errors
Ensure staff and company compliance to governmental regulations, such as SOX, export and customs laws, data privacy laws, hazardous materials requirements, and more
The core concept behind governance in IT is making sure that organizations align business strategy with IT strategy. This means that the goal of IT governance is ultimately to ensure that the processes governing evaluation, selection, prioritization, and funding of competing IT investments are driven by the overall business.
There are two distinct phases of governance in IT. The first is determining what the IT organization works on, which is driven by the business. The second is determining how the IT organization supports the business goals of the organization, which is a CIO responsibility.
An IT governance framework puts mechanisms in place to measure how the IT department is functioning overall, what are the key management metrics, and what return IT is giving back to the business from the investment it’s making.
IT governance is usually accompanied by processes to manage risk across the enterprise and to ensure compliance with multiple regulations. Some financial and publicly traded companies are required by federal statute to complete elements of enterprise risk management (ERM). In addition, a company’s ERM score will impact their S&P credit rating.
It can be challenging to determine all the governmental regulations a company must follow, especially if you operate in multiple countries. Compliance software can help navigate the numerous governmental regulations, such as Basel II, SOX, customs and export laws, and additional financial reporting, data privacy, and industry regulations.
Risk & Compliance software modules within GRC platforms improve visibility to company-wide risk, improve employee efficiency by automating controls and streamlining testing, implement necessary paperwork and controls to ensure compliance, and reduce the time to audit.
Policy management
Risk management and mitigation
Automated compliance management
Document and information management, including version control, audit trail and archiving
Training record manager
Audits and inspection management
Incident management, including root cause analysis and corrective action (CAPA) tools
Third party/supplier risk management
Access and privilege control
Ongoing monitoring of business processes
Reporting tools
There are a range of factors to consider when comparing GRC tools:
Business-wide GRC vs. system-specific: GRC tools vary in their scope of governance and compliance capabilities. Some products offer an all-in-one experience for governing data and facilitating regulatory compliance across the entire business. However, others focus on specific environments or processes, such as Office 365 systems or data integration processes. Buyer should consider what specific areas or processes require GRC support, and what scope best fits their needs.
Compliance focused vs. process-focused: Governance, risk management, and compliance tools usually focus on two business goals- preventing losses of data or resources, and ensuring regulatory compliance. Most GRC tools can serve both goals, but they may be more specialized in one area over the other. For instance, resource control-focused GRC platforms will emphasis Data Loss Prevention or policy management, while compliance-focused tools will prioritize reporting and audit support.
Usability: A key benefit of GRC tools is making governance and compliance easier for InfoSec professionals. The general usability of each product will have a large impact on realizing that benefit. For instance, how well does the platform streamline policy management, compliance reporting, etc.? Pay particular attention to the user interface’s ease of use and how streamlined workflows are. Both features are good metrics to gauge GRC tools’ usability on prior to purchasing.
Vendors do not provide prices on their websites as the cost of a solution depends on many different variables, including the number of businesses processes that will be managed, number of modules implemented, number of administrators and users, and if the software is subscription-based or locally installed. However, online users estimate the cost of implementing a GRC solution to be between $10,000 and $600,000.
(1-25 of 128) Sorted by Most Reviews
Forcepoint DLP promises to address human-centric risk by providing visibility and control everywhere your people work and everywhere your data resides. Security teams apply user-risk scoring to focus on the events that matter most and to accelerate compliance with global data regulations.…
RSA Archer, from the security, governance, and risk division of RSA Security is an integrated risk management / GRC platform.
D&B Credit is a global, cloud-based risk management solution fueled by Dun & Bradstreet’s industry-leading data and analytics. With powerful portfolio segmentation tools, configurable alert monitoring, and easy-to-read digital credit reports, finance and credit professionals…
ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available…
Mitratech PolicyHub is a policy management solution designed to create, update, approve and communicate policies to automated knowledge assessments, audit and reporting,
SEON aims to reduce the costs, time and resources lost to fraud. For global leaders or a new startups, SEON modular fraud tools adapt to the user's business, with automated decisioning, accelerated manual reviews.SEON's products are designed around two core goals: deliver effective…
Crownpeak, headquartered in Denver, offers their Consent suite of products, applications designed to support brands in maintaining compliance with local and global privacy laws (e.g. GDPR). The platform features easy opt-in and opt-out, notice and consent gateways, customizable banners,…
HighBond is a Governance, Risk Management, and Compliance Platform from Galvanize, the company formed from the merger of Rsam and ACL Services and more recently acquired by Diligent Corporation in February 2021.
OneTrust headquartered in Atlanta offers their privacy data management platform, the OneTrust Consent Management Platform, providing website compliance scanning, cookie management, publisher and mobile app compliance and related features, as well as legal research compliance platform…
Ideagen's Enterprise Risk Management (ERM) software solution Pentana Risk (formerly Pentana Performance of Covalent Software, acquired in 2016) fully integrates risk management processes, from identifying and assessing risk business-wide, to assigning and monitoring mitigation plans,…
PolicyManager is a web-based enterprise policy and procedure management platform designed for healthcare. The platform allows hospitals and integrated healthcare delivery networks to streamline, consolidate, standardize and centralize all policies in one electronic repository. According…
Riskonnect is an Integrated Risk Management platform. Riskonnect products are all connected, allowing users to navigate to review, analyze, and report from a single interface.
The Accelus Suite from Thomson Reuters is a governance, risk management, and compliance (GRC) platform.
KnowBe4 headquartered in Clearwater offers their governance, risk, compliance platform, the KCM GRC Platform.
Intland Software's codeBeamer ALM is a scalable Agile Application Lifecycle Management platform that focuses on traceability and compliance. codeBeamer ALM supports both Agile and Waterfall, and offers a scalable solution for both small and large organisations to develop better products…
The MetricStream GRC Platform M7, from MetricStream in Palo Alto, California is a Governance, Risk Management, and Compliance (GRC) platform supplying a technology infrastructure for deploying GRC apps configurable to meet the needs of the enterprise.
SAP's BusinessObjects GRC is a governance, risk management, and compliance platform.
