Friday, September 19, 2008

IT-GRC and GRCM tools revisited

The line between IT-GRC and old-world GRC is getting thinner every day, so I updated my list with old-world GRC players. As you can tell, they all have IT-GRC solutions.

It is difficult to say exactly which sets of tools are for IT-GRC, GRC Management (GRCM), or enterprise governance, risk and compliance (EGRC).

IT controls are everywhere when you check the 4 pillars of GRCM:
1- Audit management
2- Compliance management
3- Risk management
4- Policy management

Tools do not fix the governance problem, but they do help in shaping your project with fewer bodies (and probably in exchange for good hard cash).

The new era of tools has a better message than the previous "We fix your compliance problems" motto. We all knew that compliance was just another step toward achieving governance of information security. The new tools have better connections with legacy information security and risk management tools, and they also come with several predefined policy frameworks such as ISO 27001, COSO, COBIT, PCI, etc.

We are not there yet, but if you are interested, here is a good starting list of lists for googling and reading:

Governance, Risk and Compliance (GRC) Tools with IT Controls (IT-GRC)


Agiliance
http://www.agiliance.com/
Brabeion
http://www.brabeion.com/
Archer
http://www.archer-tech.com/solutions/index.html
Control Path
http://www.controlpath.com/solutions_advantage.php
Symantec (Control Compliance Suite)
http://eval.symantec.com/mktginfo/enterprise/fact_sheets/ent-datasheet_control_compliance_suite_05-2007.en-us.pdf
Compliance Spectrum - Spectra (Command Center)
http://www.compliancespectrum.com/
Modulo
http://www.modulo.com/
NetIQ VigilEnt Policy Center and other NetIQ tools
http://download.netiq.com/CMS/WHITEPAPER/NetIQ_CRM_Methodology_Feb_2007.pdf
eIQ Networks SecureVue
http://www.eiqnetworks.com/products/SecureVue.shtml
CA Clarity (formerly NIKU)
http://www.niku.com/it-governance-47.html
IBM Tivoli Series
http://www-306.ibm.com/software/uk/itsolutions/governance/?ca=grm_Lnav&me=w
SAP
http://www.sap.com/solutions/grc/index.epx
Relational Security - RSAM
http://www.relsec.com/rsam_overview.htm
Iconium
http://www.iconium.co.uk/Solutions/overview.htm
Security Works - Visible Security
http://security-works.com/?page_id=27
Oracle (formerly Logical Apps and Oracle GRC Manager)
http://www.oracle.com/solutions/corporate_governance/governance-risk-compliance-manager.html
Proteus
http://www.infogov.co.uk/proteus_enterprise/index.php
Avedos
http://www.avedos.com/257-Home-EN.html
BWise
http://www.bwise.com/
Neupart
http://www.neupart.com/
MetricStream
http://www.metricstream.com/
Nemea
http://www.nemea.us/
Favored Solutions
http://www.favoredsolutions.net/
Paisley
http://www.paisley.com/
OpenPages
http://www.openpages.com/Solutions/Technology_17.asp
Qumas
http://www.qumas.com/products/index.asp
IDS Scheer
http://www.ids-scheer.com/en/ARIS/ARIS_Solutions/Governance_Risk__Compliance_Management/88815.html
Axentis
http://www.axentis.com/axentis_solutions_5.aspx
Achiever
http://www.goachiever.com/ACHIEVERPLUS/aweb2.nsf
Methodware
http://www.methodware.com/products/oprisk/idx-oprisk.shtml
Protiviti
http://www.protiviti.com/portal/site/pro-us/menuitem.32f530ef9aa26f4acd230ef2f5ffbfa0/
Cura Software
http://www.curasoftware.com/pages/content.asp?SectionId=7&SubSectionID=48
Mega
http://www.mega.com/index.asp/l

6 comments:

Anonymous said...

Good list, but a bit surprised you missed us: BPS Inc. We are a second generation GRC platform - relatively few clients, but the ones we have are at the top of the house.

yinal said...

Gavin, I will add BPS next time, is there a specific reason for avoiding GRC term on your product pages?

yinal said...

Brabeion was acquired by Archer in Jan 09

Mike Jalonen said...

Don't forget HighPoint GRC (www.highpointgrc.com)

Franck said...

Don't forget Easy2comply from Dynasec
(www.easy2cmoply.com)

Anonymous said...

Update -

EMC bought Archer

Thomson Reuters bought Paisley