Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Paul Stringfellow
- About GigaOm
- Copyright
1. Summary
Governance, risk, and compliance (GRC) is an approach to the assessment and measurement of operational business risk. It includes the ability to report on what can and can’t be controlled and whether an organization is meeting its governance and compliance objectives. Accomplishing this mission, however, can be time-consuming and resource-intensive.
GRC software solutions provide an integrated suite of capabilities to help enterprises implement and manage their GRC programs. They are designed to help a company unify its approach to assessing and managing risk, and to ensure that the results are made available to stakeholders to enable better decision making. For example, a GRC solution will provide reports related to assurance, internal audits, risk assessments, and compliance monitoring, all of which promote better operational and business decisions.
A GRC solution will also help an organization to establish, automate, and manage risk assessments, which can substantially help the company meet regulatory and audit requirements by providing strong evidence of its risk reduction strategies and their success.
The GRC market is continuing to evolve and grow as organizations become increasingly aware of the importance of robust governance and compliance plans, but governance and compliance are not the only drivers of demand. Organizations also see the role that good processes and controls can play when it comes to resilience, agility, and threat management. Moreover, the commercial necessity of adopting better GRC has become apparent: it is increasingly important to customers and suppliers who, for their own GRC reasons, must verify that everyone in their supply chain is meeting robust standards.
The evolution of GRC is highlighted in a number of key areas. Cybersecurity, resilience, and governance are at the heart of many GRC strategies and are also the focus of a number of new players in the GRC market. These are vendors that see security as the obvious first step into GRC for organizations that have not adopted it previously.
This emphasis on security is also driving automation into many solutions because security, perhaps more than any other part of an organizational GRC approach, benefits from continuous automated monitoring and control.
A related sector, environmental and social governance (ESG), is also becoming an area of interest for many organizations as they become more cognizant of their wider responsibilities to the environments in which they operate. This is a developing area, with standards only beginning to emerge. However, for those organizations that take ESG seriously, finding solutions that allow them to track their progress is essential.
Robust adoption of a GRC solution can benefit today’s organizations both technically and commercially, making their operations and systems more efficient and resilient while ensuring they meet the governance demands of their customers, all of which can lead to a real commercial advantage over their competitors.
This GigaOm Radar report is an update of our previous report on the GRC market. It highlights key vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating GRC Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
- Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
- GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
- Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.