Replies

  • There are good GRC tools available in the industry today, such as Archer & Metric Stream, and all of them are almost equal in terms of functionality. In order to decide which one to choose, it is important to understand the requirement and identify which workflows and processes are to be automated. To achieve value out of a GRC tool, the implementation needs to be customized as per requirement, and continuous maintenance will determine the result.

  • There is no best platform; each of them has its strengths and weaknesses. SAI is good, as are many others. ServiceNow is also there, and there are many others.

    What you want to do is make sure your implementation is simple in nature, if you want people participating in risk management as such. And make it easy and intuitive if you want to be able to manage things in the future.

    Whatever platform you choose, I would advise having a resource on board. If this is a new initiative, it will be a long journey, with many iterations over the next two years.

  • There are many IT GRC tools, and you could compare them and see what best suits your requirement.

    You can compare them based on capabilities for:

    • Policy Management
    • Risk management
    • Compliance Management
    • Audit Management
    • Vendor Risk Management
    • Threat & Vulnerability Management
    • Incident Management
    • Platform Capabilities

    Here is a quick comparison between RSA Archer, Metric Stream GRC & Lockpath: Click Here

    FireCompass
  • There are so many different GRC software solutions available, so choosing the right one can be really difficult. Do you really know what you want to achieve with this solution? Do you really know which projects, workflows, and processes are in scope before starting a tool acquisition process? Because GRC tools are good for automating the existing working processes. And if you don’t have a risk assessment, for example, buying a GRC tool is not going to give it to you.

  • You might want to check out the tools / services below:
    1. LockPath
    2. RiskSense
    3. ServiceNow
    4. SAFE
  • In my personal opinion, there's no such thing as "the best" GRC solution. With that said, there do exist established players like Metric Stream, RSAM, Archer, etc. Some of these better-known names are also associated with their respective USP in terms of what they do best (e.g. Process Unity is better known for TPRM). At the end of the day, how any of these tools are implemented, with integrations tailored to fit the requirement and environment, is where the meat is. And the required element of rigor in managing the show post onboarding any of the GRC solutions will define its success going forward.