Table of Contents
- Summary
- GRC Primer
- Report Methodology
- Decision Criteria Analysis
- Evaluation Metrics
- Key Criteria: Impact Analysis
- Analyst’s Take
- Methodology
- About Alan Rodger
- About Sue Clarke
- About GigaOm
- Copyright
1. Summary
Risk, and risk management, should be a driving force within IT departments. However, for most enterprises, risk management is a tax levied on technology infrastructure already swimming in oceans of technical debt.
Yet if the COVID-19 pandemic showed us anything, it’s that managing risk—particularly unexpected scenarios—is critical to both life safety and how effectively a business can recover from impact.
With the effects of the pandemic still in play, but with the economy recovering, we take a look at companies selling software platforms that manage Governance, Risk, and Compliance (GRC). It’s our opinion that in these “unprecedented times,” GRC software should take on new importance and be seen in a new light.
The companies we looked at all specialize in providing software designed to identify and report on risk by tracking and measuring how well a company is doing against a set of criteria and controls. These range from financial audits to IT security measurements and can be scoped to fit the GRC requirements of small, medium, and large companies. In some cases, the software allows auditors to manage multiple audits, including multiple audits across multiple companies.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.