1 Management Summary
The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing that market segment, how it is further divided, and the essential capabilities required of solutions. It also provides ratings of how well these solutions meet our expectations.
The report covers solutions that assist organizations in managing their Governance, Risk and Compliance (GRC) obligations and strategies. An IT GRC solution enables organizations and businesses to create and organize GRC policies and controls, and helps them keep on top of an increasingly complex and changing regulatory environment. KuppingerCole defines the component parts of GRC as follows:
- Governance: sets objectives and rules for an organization
- Risk: the threat to those objectives and rules
- Compliance: the range of laws and regulations that an organization must meet
Fundamentally, an IT GRC tool forms an integral part of an organization’s overall compliance program and strategy. This strategy will vary depending on the organization’s size, industry sector and compliance demands.
Such tools have been around for some time, but they have become more important as compliance issues have grown in significance for organizations of all sizes. Legislation such as GDPR or the new California Privacy Act (CCPA) has made companies really sit up and take notice of their data responsibilities or face severe financial penalties. At the same time, smart organizations have realised that better management of Governance, Risk and Compliance matters just as much for the efficiency and competitiveness of operations, from marketing right through to supply chain economics.
GRC is part of a quartet of key functions that modern organizations need to manage in order to maintain business continuity and resilience. The other three functions are cybersecurity, Identity and Access Management (IAM) and Privileged Access Management (PAM).
IT GRC sits at the administrative and analytic heart of this foursome, providing both the measurement and the monitoring of day-to-day operations. If the other three are correctly deployed and set up, this allows the IT GRC system to see both what should be and what shouldn’t be. In turn, this will feed into the overall risk management of the organization and help with investment decisions on security, IAM and PAM as and when required, as well as give boardrooms assurance that the optimum is being done to keep the organization compliant and resilient.
In this Market Compass we have assessed several leading IT GRC tools that should meet the operational requirements for the environments listed above. It’s a list that includes solutions from IT giants as well as smaller, more specialist vendors; together they provide a good overview of the capabilities in the market to improve GRC for different types of organization.