Recorded: May 17, 2012
Governance, risk management and compliance (GRC) processes are extensive; they are how an organization is directed and managed to achieve goals, considering risks to achievement, and complying with applicable laws and regulations. Issues around information have become central to organizational strategies. For example, a document-centric approach is prone to several issues: issues in consolidation and reporting, both errors and the time it takes; issues in accountability in audit trails, to validate that things were not changed to get someone or the organization out of trouble or to paint a rosier picture of the organization; and issues in efficiency, as document-centric approaches take more resources to manage.
GRC software is needed in organizations, and investment in these areas has been increasing, seeing an annual growth of 20 percent* throughout 2011. According to research by Michael Rasmussen (Corporate Integrity), the GRC software space is vast, with over 400 GRC software providers that span 28 primary categories (with numerous sub-categories) of GRC-related software. Nine of these categories encompass components of an enterprise GRC platform (though no vendor does all nine components); 19 of the categories focus on specific business functions/processes of GRC. Of the 400 vendors, fewer than 50 market and present themselves in the enterprise GRC domain.
- How to understand your organization's functionality needs.
- Guidance for selecting the right partner including examples of good RFP questions.
- How to sift through the different solutions and make weighted assessments against solution criteria.
- Core maintenance and ongoing feeding requirements.
Brandon Dunlap is the Managing Director of Research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent advisory and research firm that focuses on building collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.
Chris McClean contributes to Forrester's offerings for the Security & Risk professional, leading the company's coverage of governance, risk, and compliance (GRC). He is also a thought leader on the related issues of corporate social responsibility (CSR) and sustainability. He is a frequent speaker on these subjects at vendor events as well as conferences run by industry organizations such as the Risk Management Association. He has also been interviewed by top media outlets such as CFO Magazine, Compliance Week, CRO Magazine, and Treasury & Risk Magazine. Chris serves Forrester clients with research on GRC and CSR strategy, organization, best practices, and technologies, and he is a frequent speaker on these subjects at industry and vendor events. Before coming to Forrester, his background was in marketing for security and risk management vendors, representing a broad range of market segments, such as compliance management, vulnerability management, digital forensics, and security information management.
Ben Tomhave is the Principal Consultant at LockPath. Ben (MS, CISSP) helps global enterprises, SMBs and service partners unlock the real promise of integrated governance, risk and compliance in his current role as Principal Consultant for LockPath, a market-changing GRC software company. A distinguished author and experienced speaker, he currently serves on the OWASP NoVA chapter board, the Society of Information Risk Analysts board, and as the co-vice-chair of the ABA InfoSec Committee. He is also a member of ISSA and the IEEE Computer Society, and earned an MS in Engineering Management from The George Washington University with an InfoSec Management concentration.
Jean-Marie Zirano defines and manages MEGA's product strategy. Jean-Marie started his career as a MIS consultant with Andersen Consulting, working for retail, manufacturing and utilities companies. Jean-Marie then joined CGI (now IBM), Platinum Technology and Computer Associates in product line management positions. At MEGA since 2000, Jean-Marie helped boost the company's international growth. As VP – Business Development, he extended the reach of MEGA worldwide. Appointed VP – Product Management, he strengthened and extended MEGA's solutions from enterprise architecture to enterprise-wide GRC initiatives. In his current VP – Product Strategy role, Jean-Marie works closely with global companies willing to improve operational excellence, to provide them with holistic solutions covering enterprise architecture, risk management, governance and compliance programs.