Tuesday, October 25, 2011

ITGRC Software Vendors 2011

Here is the most "far-reaching" list of IT-GRC vendors that you can find on the Internet.

I stand by my statement that IT-GRC does not stick due to several reasons.

My previous posts with risk management frameworks and tools are at this link (I will update risk management tools sometime this year)

Currently there are 4 types of companies in the IT-GRC market:

1- IT-GRC vendors: IT Risk Management solutions with integrated workflow and compliance features.
2- Enterprise GRC vendors: ERM (Enterprise Risk Management) tools expanding into the IT-GRC space, sometimes called eGRC
3- Glorified Access Control Tools: This is the world of SAP, Oracle and the related vendors (note to the vendors: GRC is not SoD - Segregation of Duties)
4- Compliance Management Tools (just targeting without risk focus)

The market is not as dynamic as in 2010. IT-GRC and Enterprise Risk Management (ERM) solutions have not unified (yet). There are apps for contract management, vendor management, trading risk management, ethics management, asset management, policy management, workflow management, financial risk management, quality management, hazard management, incident management, etc. All we need, on the other hand, is comprehensive authoritative templates and a solid, easy-to-use unified GRC framework. IT-GRC is a good starting point for merging risk management of all these activities. The effort required for this usually delays the actual quick wins of IT-GRC.

2010-11 Changes:
1- IBM acquired OpenPages and Algorithmics Inc.
2- Software AG acquired IDS Scheer
3- RSA Archer started bundling enVision (SIEM) and RSA DLP
4- Paisley's latest name is Accelus at Thomson Reuters
5- Strategic Thought is now ActiveRisk (name change)
6- Check Point (a security veteran in conventional security software - firewalls, IPS, endpoint security, DLP, DRM, etc.) acquired Easy2Comply provider Dynasec as of 10/31/201

Before moving forward, please remember that Excel is 'by far' the most common application in the IT-GRC market :)

There is no order or filter on the list... I simply added all visible vendors (keep me posted)

IT-GRC vendors

Agiliance
http://www.agiliance.com/
RSA eGRC - Archer
http://www.rsa.com/node.aspx?id=3732
BWise
http://www.bwise.com/
Trustwave GRC (Control Path)
https://www.trustwave.com/GRC.php
Symantec (Control Compliance Suite)
http://www.symantec.com/business/control-compliance-suite
Modulo
http://www.modulo.com/
Relational Security - RSAM
http://www.relsec.com/rsam_overview.htm
MetricStream
http://www.metricstream.com/
nCircle’s IT GRC Solution – Suite360 (acquired ClearPoint Metrics)
http://www.ncircle.com/index.php?s=solution_IT-Governance-Risk-Compliance
Lumension
http://www.lumension.com/Solutions/IT-Risk-Management.aspx
BPS
http://www.bpsresolver.com/
Avedos
http://www.avedos.com/en/home/home.html
Neupart
http://www.neupart.com/
Thomson Reuters (old Paisley)
http://accelus.thomsonreuters.com/solutions/risk-management/
IBM OpenPages (yes, IBM acquired OpenPages)
http://www.openpages.com/
Software AG GRC (IDS Scheer was acquired by Software AG)
http://www.softwareag.com/us/solutions/grc/overview/default.asp
ARC Logics - Axentis
Wolters Kluwer, the parent of Axentis; also acquired CI-3, MediRegs ComplyTrack, CCH, TeamMate audit, FRS
http://www.axentis.com/Products/Axentis/ProductOverview.html
Methodware
http://www.methodware.com/grc/
Protiviti
http://www.protiviti.com/grc-software/Pages/default.aspx
Cura Software
http://www.curasoftware.com/pages/content.asp?SectionId=7&SubSectionID=48
Mega
http://www.mega.com/index.asp/l/en/c/grc
ControlCase
http://controlcase.com/it-grc.htm
Compliance 360 ( eGRC )
http://www.compliance360.com/
Nemea
http://www.nemea.us/
eGestalt SecureGRC - SaaS hosted GRC offering
http://www.egestalt.com/
Aline GRC
http://www.alinegrc.com/GRC-Platform/20/
Easy2Comply (Powered by Dynasec which is Check Point now...)
http://www.easy2comply.com/
SAI Global
http://www.saiglobal.com/compliance/grc-software/
SwordAchiever Governance, Risk and Compliance (GRC) Software
http://www.sword-achiever.com/Pages/Home.aspx
Xybion eGRC Enterprise 2011 (formerly Amadeus International)
http://www.xybion.com/Products/eGRCEnterprise/eGRCProductOverview.aspx
EthicsPoint Adaptive GRC Framework (acquired HeatShield, Audit 2)
http://www.ethicspoint.com/products/
MitraTech TeamConnect GRC
http://www.mitratech.com/teamconnect-grc
Optial GRC
http://www.optial.com/Products/GovernanceRiskandComplianceGRC.aspx
Highpoint
http://www.highpointgrc.com/
RVR GRC
http://www.rvrsystems.com/IG.php
NeoGRC Compliance Manager (Neohapsis also acquired Securac Certus)
http://www.neohapsis.com/products/neogrc-compliance-manager.php
TraceSecurity Compliance Manager (TSCM)
http://www.tracesecurity.com/products/ts_compliance_manager.php
Avior BenchMark risk and compliance management platform
http://www.aviorcomputing.com/solutions/benchmark
AssurX CATSWeb Quality Risk and Compliance Management
http://www.assurx.com/solutions.html
ANX GRC (TrueARX)
http://www.anx.com/content/solutions/compliance-and-risk-management/trucomply
Telos Xacta IA Manager: Governance, risk, and compliance management
http://www.telos.com/cybersecurity/grc/index.cfm
ServiceNow IT Governance, Risk and Compliance (ITGRC) Management
http://www.service-now.com/itgrc.do
White Cyber Knight - WCK / Lancelot
http://www.wck-grc.com/Products_Lancelot_IT-GRC.htm
Simeio Solutions GRCAXS (IT GRC module)
http://www.simeiosolutions.com/
Evantix Vendor IT Risk and Compliance Management
http://www.evantix.com/what-is-evantix/
Align Alytics Risk, IT, Compliance Management
http://www.align-alytics.com/clientsolutions/

There are many other tools with ERM (Enterprise Risk Management), Compliance Management, Audit and Access Control Governance feature sets.

Here is a long list of indirect GRC software providers:
Oracle Enterprise Governance, Risk, and Compliance Manager
Oracle also acquired Reveleus, Mantas, Logical Apps, Ruleburst, Oracle GRC Manager
http://www.oracle.com/us/solutions/corporate-governance/grc-manager/index.html
SAP (no clear IT-GRC besides Access Control - SoD)
http://www.sap.com/solutions/sapbusinessobjects/large/governance-risk-compliance/index.epx
Greenlight
http://www.greenlightcorp.net/index.aspx
Qumas (Regulatory Compliance)
http://www.qumas.com/
Aveksa (Enterprise Access Governance)
http://www.aveksa.com/
Trintech (Financial controls - no IT)
http://www.trintech.com/
Doublecheck ERM
http://www.doublechecksoftware.com/solutions.htm
ACL - Transactional controls testing
http://www.acl.com/products/ccm.aspx
Approva (ERP Audit / SoD on steroids)
http://www.approva.net/solutions/itsecurity/
Open Text Governance, Risk Management & Compliance
http://www.opentext.com/2/global/sol-products/sol-pro-compliance-governance/pro-open-text-governance-risk-compliance.htm
Grant Thornton - ExpeditionGRC - GT acquired Avalion Consulting ComplianceSet solution
http://bit.ly/9bvCFB (Long URL shortened)
Incom Enterprise Risk Mgr ISO 31000
http://www.incom.com.au
EIQNetworks SecureVue
http://www.eiqnetworks.com/securevue/securevue.php
Brinqa brings privacy, identity and vendor management
http://www.brinqa.com/products/brinqa-grc-platform/
SecurityWeaver (SoD tool)
http://www.securityweaver.com/Products_Separations_Enforcer.asp
ControlpanelGRC - SOX compliance for SAP users
http://www.controlpanelgrc.com/
Xpandion SAP Security -
http://www.xpandion.com/
EtQ Reliance (Quality Management, Environmental Health & Safety (EHS) Management)
http://www.etq.com/reliance/
Active Risk Management - ARM (Strategic Thought Group became Active Risk)
http://www.activerisk.com/risk-management/
Symb ERM and Aptius Risk Management
http://www.symb.com/content/c_symbhome.asp
Actimize (Fraud Prevention and ERM - acquired Syfact)
http://www.actimize.com/index.aspx?page=actimizeplatform
Guideline Risk Universe Business Intelligence (RUBI)
http://www.guidelinerisk.com/RUBI_system_intro.html
Hitec Labs Policy Hub and Ten Risk Management
http://www.hiteclabs.com/uk/solutions/policy-management-policyhub/
Horwath Software Services Magique Galileo
http://www.horwathsoftware.com/hsl/hslwebsite.nsf
IBS Compliance Pro Compliance Management
http://www.ibs-us.com/en/products/compliantpro/index.html
LRN Ethics Compliance
http://lrn.com/
Pentana PAWS Audit & Risk Management Software
http://www.pentana.com/products.asp
Prodiance ERM Spreadsheet Compliance (now Microsoft)
http://www.microsoft.com/pathways/prodiance/
policyIQ Risk & Compliance
http://www.policyiq.com/solutions_risk_compliance.asp
SAS Operational Risk Management
http://www.sas.com/industry/fsi/oprisk/index.html
FairWarning Healthcare Compliance Audit / Monitoring
http://www.fairwarningaudit.com/subpages/auditing.asp
Assuria Audit & Compliance Management
http://www.assuria.com/products-new.html
Flexeye Operational Intelligence
http://www.flexeyetech.com/operational-intelligence.html
Consult2Comply Compliance Infrastructure Management
http://www.consult2comply.com/main/
CMO Audit Compliance Risk Management
http://www.cmo-compliance.com/
ComplianceBridge Compliance Policy and Procedure Management
http://www.compliancebridge.com/
The Garland Group RiskKey Continuous Compliance
http://www.thegarlandgroup.net/services/continuous-compliance-service/
NextLabs Policy and Compliance Management
http://www.nextlabs.com/html/?q=control-center
McAfee Risk & Compliance Products
http://www.mcafee.com/us/products/risk-and-compliance/index.aspx
Collaborative Software Initiative - Standardized Information Gathering (SIG)
http://csinitiative.com/products/sig/overview/
LogicManager ERM
http://www.logicmanager.com/contents/why_logicmanager/model.php
Enablon ERM
http://enablon.com/products/risk-management.aspx

IT-GRC software makes our lives more organized, but we should not skip the motto of the CSI audit people: 'A fool with a tool is still a fool.'

Other Links:
http://www.gartner.com/it/content/925200/925212/ks_sd_may09.pdf
Gartner eGRC 2011 report: http://www.openpages.com/Information-Center-Registration/Campaign_88.asp
http://www.isaca.org/Knowledge-Center/Documents/COBIT-Focus-ISO-38500-Why-Another-Standard.pdf