Our Perspective

Our Perspective on the GRC Market and GRC Solutions

The GRC market is a macro-market that encompasses several smaller market segments.  Major analyst firms treat the GRC market as a micro-market they think can be rolled-up and covered in a two-dimensional plot comparing less than 20 solutions.  Their market model and sizing is nothing more than adding up projected revenues for a small group of select vendors and perhaps making some adjustments.  This is absurd. GRC solutions and services are varied and have a variety of functions. The major analyst firms have it wrong. The GRC market cannot be defined in a single comparative report with a two-dimensional graphic. GRC 20/20 understands this and helps organizations perceive the panorama of issues and challenges organizations face and identify the right solutions to meet their specific requirements.

GRC 20/20 has mapped over 500 solution providers into our GRC market model that is broken into segments and sectors.  We are the ONLY market research and analyst firm monitoring market size, demand, growth, and trends at both the sector and segment level, in addition to the high-level roll-up of the GRC market.  We specialize in differentiating solutions on their value and capabilities within segments of the GRC market and not just paying attention to a few. 

GRC 20/20 specializes in the details of the GRC market. We help buyers of GRC solutions to identify the solutions they should consider given their specific requirements. Whether it is criteria for RFPs in specific areas of GRC to broad solutions that provide the backbone of an enterprise GRC architecture – we deliver depth. On the other side, our insight enables solution providers to hone their product, service, marketing, sales, content, partner, and growth strategies to move from being good to being great.  We help solution providers to understand their competitive differentiators and how to win deals and articulate value in how they make clients more efficient, effective and agile.

GRC 20/20 is focused on delivering high-value relationships with GRC solution provider clients. Services are typically ¼ of what major analyst firms charge and value is achieved through personal accessibility to get you answers when you need them. GRC 20/20 wants to be part of your team and not some cloistered ivory tower that is hard to contact and even harder to connect to.  Working with GRC 20/20 is about engagement – to be an objective and independent advisor while still a part of your team. 

Our Differentiators

Our Differentiators

GRC 20/20 is collaborative.  We like to roll-up our sleeves and get involved in details.  We thrive on interaction and engagement.  To be successful in understanding and predicting the GRC market requires that we listen and learn and not merely pontificate and make ourselves untouchable.  Unlike major market research and analyst firms, we recognize the need to involved.  

GRC 20/20 is:

  • Affordable.  Our rates are comparable to an experienced consultant rather than of major analyst firms who charge more than high-end Wall Street attorneys.  Organizations do not need to pay $1,000+ an hour for analyst time; that is robbery, and in some cases extortion.  GRC 20/20 is often ¼ the cost of major analyst firms.
  • Deep. The GRC market cannot be represented in a single two-dimensional comparison of a handful of select GRC solutions. We are the only market research firm to provide detailed buying criteria, comparisons, market sizing, and growth for the entire GRC market as well as specific segments of the GRC market covering more than 500+ solutions.
  • Pragmatic. We understand that organizations have a range of GRC roles and processes focused on aspects of governance, risk management and compliance.  While an enterprise GRC strategy and architecture is ideal, most organizations are addressing department needs as well as specific risk and compliance issues and must learn to crawl before they can run. 
  • Grounded. GRC 20/20 prides itself on analysts with real-world experience from the trenches of organizations.  We know what works and does not work as well as how to get the job done. Our analysts do not sit back in cloistered offices and avoid getting involved in the real world.
  • Collaborative.  Collaboration requires engagement in discussion, debate, and thought leadership in GRC professional communities and associations.  GRC 20/20 actively engages organizations, non-profit associations, solution providers, professional service firms, and others in research collaboration to gain perspective and clarity into aspects of the GRC market.  This breadth of interaction feeds into our market models, advice, and forecasts. 
  • Reachable.  We are easy to access.  Clients of GRC 20/20 can call, email, text / message, tweet, Skype, or use a palantir (should you have one) to get answers when they are needed.  We offer complimentary inquiries/answers to GRC purchaser questions on strategy and solutions to provide the clarity they need to take the next step.  GRC 20/20 fields hundreds of buyer inquiries each year looking for GRC solutions and services to address a range of GRC challenges from broad to specific.
  • Transparent.  GRC 20/20 represents and works with the ecosystem of buyers as well as GRC solution and service providers.  Our revenue comes from a mixture of these elements and we are fully committed to objectivity in research and not afraid to disclose our relationships or criteria on how we recommend and evaluate solutions. We evaluate GRC solutions using transparent, consistent, and objective criteria. 

About GRC 20/20

About GRC 20/20 Research, LLC

20/20 vision is perfect clarity in sight: clarity to see and process surrounding context and achieve situational awareness — to observe the world around you, be aware of risks, and react accordingly.

Clarity of Governance, Risk Management & Compliance

GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC)  solutions and strategies through objective market research, benchmarking, training, and analysis. We provide independent and objective insight into leading GRC practices and processes, including market dynamics and intelligence; risk, regulatory and technology trends; competitive landscapes; market sizing; expenditure priorities; and mergers and acquisitions.

GRC 20/20 advises the entire ecosystem of GRC solution purchasers within organizations, professional service firms, and solution providers.  We serve the needs of organizations that seek clarity, guidance and advice in dealing with a dizzying array of disruptive issues, processes, information and technologies while trying to maintain control of a distributed and dynamic business environment.  Whether focused on a specific risk, regulation, department, or enterprise GRC strategy, organizations seek clarity through GRC 20/20.  This clarity is delivered through analysts with real-world expertise, independence, creativity, and objectivity that understand GRC challenges and how to solve them practically and not just theoretically.  Our clients include Fortune 1000 companies, major professional service firms, and an array of GRC solution providers who require our research and advise to apply strategies and technology to meet the GRC challenges they face. 

GRC 20/20 is a:

  1. Buyer advocate.  We assist those purchasing GRC solutions  to help them navigate hyperbole to select solutions that are practical and deliver on requirements.  

    Simply, we help buyers select the right solution(s) for their needs and get the most out of their investment.

  2. Solution strategist.  We guide GRC solution providers in understanding the demand and needs of buyers and improve product, marketing, competitive, sales, partner, content, and growth strategies.  

    Simply, we make good GRC solutions into great GRC solutions.

  3. Market evangelist.  We educate and evangelize GRC strategies that deliver value and results through advocacy of technology, content, and services in making GRC processes efficient, effective and agile.

    Simply, we define the future of GRC and understand where it is headed.

Research Terms & Conditions

These terms and conditions  govern the use of  GRC 20/20 Content (content includes, but is not limited to: website, research, intellectual property, and information in all forms).  If you have any questions please email [email protected].

Intellectual Property

You agree and acknowledge that all Intellectual Property Rights in all GRC 20/20 website, research, intellectual property, content, and all material and information contained within belongs to GRC 20/20. You shall not obtain any Intellectual Property Rights in GRC 20/20 content. You may not publicly use any GRC 20/20 content without GRC 20/20's prior written permission.  GRC 20/20 content is for internal use only to your organization.

Licence of GRC 20/20 Content

GRC 20/20 licence's its content as follows:

  • If GRC 20/20 content has been ordered on a single user basis then it may only be used by the  person whose name is identified on the Order; and
  • If GRC 20/20 content has been ordered on a corporate basis then it may only be used by the employees of the one entity whose company name is identified on the Order. For the avoidance of doubt the company name identified on the Order shall not include Affiliates.
  • All Licences to GRC 20/20 content is granted, subject to these Terms and Conditions, for the purchaser's sole use and benefit on a non-exclusive and non-transferable basis.
  • All Licences of GRC 20/20 conet permits the purchaser, for internal business purposes only, to retrieve and display the content on a computer screen and print individual pages on paper and store such pages in electronic form on disk and on personal computer (but not on any other server or other storage device connected to an external network).
  • Purchaser may not (without contacting GRC 20/20 to obtain prior written permission):
    • Sell, market or redistribute any GRC 20/20 content or any material contained within GRC 20/20 contetn and the GRC 20/20 website (including by using it as part of any library, archive or similar service);
    • Remove the copyright or trademark notice from GRC 20/20 content;
    • Create a database in electronic or structured manual form by systematically downloading and storing all or any of GRC 20/20 content;
    • Extract any content from GRC 20/20 research and website including text, charts and figures; or
    • Modify, reproduce, develop or in any way commercially exploit any of our Reports and Website content or any material contained within our Reports and Website.
  • The Licences of GRC 20/20 content is  subject to any guidelines that GRC 20/20 may from time to time issue with to GRC 20/20 content.
  • The Licences of GRC 20/20 content shall continue indefinitely.
  • Where a Licence of GRC 20/20 content is granted on a corporate basis purchaser shall make reasonable endeavours to ensure that all your employees, members, directors, partners, whatever the case may be, comply with these Terms and Conditions.
  • If purchaser becomes aware of any potential or actual infringement or misuse of GRC 20/20 content and Intellectual Property Rights, purchaser shall promptly notify that to GRC 20/20.

Consequences of breach of licence

GRC 20/20 takes the protection of its Intellectual Property Rights seriously. If proceedings were to become necessary, for example, because of a breach of the Licence of any of our Reports, the remedies available to us include an injunction, damages or an account of profits, legal costs and interest. Damages may be in the region of a minimum of $50,000 for each breach.

Citation Terms

All external or commercial citation of GRC 20/20 content is prohibited without GRC 20/20's express written permission. This includes, but is not limited to, uses of GRC 20/20 content in advertisements, press releases, analyst briefings and any sales collateral in any and all types of media.

All citation requests are reviewed by GRC 20/20 on a case-by-case basis.

To seek GRC 20/20 approval relating to any permission contact [email protected] providing full citation and context for request. Please include a draft copy of any press releases and other marketing material such as newsletters, email campaigns, direct mail, etc. GRC 20/20 may charge an administration fee for reviewing citation requests. This fee will reflect the time required to check accuracy and legal impact of the use of GRC 20/20 content. The administration fee will be communicated within two business days of the citation request and before the start of the approval process.

GRC 20/20 reserves the right to change these citation terms at any time, without notice.


The fee for  provision of GRC 20/20 content ("Fee") is priced in accordance with the Order and payable immediately.

If purchaser fails to pay any amount due to GRC 20/20 under these Terms and Conditions, then GRC 20/20 shall be entitled but not obliged to charge interest (both before as well as after judgment) at the rate of 4% per annum above the base rate. Such interest shall accrue on a daily basis and be compounded quarterly.

The Fee for GRC 20/20 content does not include any updates to the report. If you wish to receive any updated report which we may publish from time to time then you will be required to purchase such updated GRC 20/20 content as a new order and pay the then published rate.

All payments to be made by purchaser to us under these Terms and Conditions shall be paid without deduction set-off, counter-claim or other withholding.

Purchaser Acknowledgements and Obligations

Purchaser acknowledges that GRC 20/20 is an independent research, publishing and advisory firm. As such the views expressed in GRC 20/20 content will reflect GRC 20/20 analysts' views. Opinions and recommendations contained in such GRC 20/20 content is submitted solely for advisory and information purposes and is not intended as an offering or a solicitation to buy or sell any securities mentioned.

GRC 20/20 content is issued in good faith but without legal responsibility and is subject to change or withdrawal without notice. GRC 20/20 does not warrant the accuracy, completeness or adequacy of our advice or the contents of our Reports and Website for any purpose or that GRC 20/20 advice and content will meet with your requirements. We do not guarantee that our content will result in the identification of all matters which may be of interest to you.

GRC 20/20 content and website must not be accessed or used in any way that would be illegal in any jurisdiction.

Purchaser acknowledges that it holds adequate and suitable professional indemnity insurance in relation to any professional service that you provide.

Purchaser shall not disclose any of the Reports or divulge their contents to any third party without GRC 20/20 prior written consent (which we may withhold or grant subject to conditions, at our complete discretion). Irrespective of whether GRC 20/20 provides any consent for purchaser to disclose GRC 20/20 content to a third party, GRC 20/20 shall never assume any responsibility to any third party to which GRC 20/20 content is disclosed or otherwise made available.

Purchaser shall keep GRC 20/20 content on a strictly confidential basis, and it is purchaser's responsibility to ensure that no unauthorized third party gains access to GRC 20/20 content or website.

Purchaser warrants that it has the full power and authority to comply with these Terms and Conditions.

Purchaser shall comply with all applicable laws in performing  obligations and exercising  rights under these Terms and Conditions.


Nothing in these Terms and Conditions shall operate to exclude or limit GRC 20
/20 liability for:

  • death or personal injury caused by our negligence; or
  • fraud; or
  • any other liability which cannot be excluded or limited under applicable law.


GRC 20/20 shall not be liable to purchaser for any loss of profit, anticipated profits, revenues, anticipated savings, goodwill or business opportunity, or for any indirect or consequential loss or damage.

GRC 20/20 aggregate liability in respect of any claims arising out of or in connection with any Licence of any of our Reports and Website, whether in contract or tort (including negligence) or otherwise, shall in no circumstances exceed the total Fee payable (and paid) by the you in respect of that Report.

Purchaser shall indemnify and keep GRC 20/20 indemnified against all liabilities, losses, proceedings, claims and demands brought or threatened against GRC 20/20 by any party other than Purchaser and any reasonable costs and expenses relating thereto, arising out of or in connection with Purchaser breach of any of these Terms and Conditions, regardless of whether such breach is later remedied and regardless of whether or not we have been negligent.

Purchaer shall indemnify and keep GRC 20/20 indemnified against all liabilities, losses, proceedings, claims and demands and any reasonable costs and expenses relating thereto, arising out of or in connection with Purchaser breach of any of these Terms and Conditions.


The Licence of any GRC 20/20 content purchaser has ordered shall continue indefinitely.

The Licence to use GRC 20/20 content may be terminated by written notice if Purchaser is in material breach of these Terms and Conditions and the breach is not remedied within the period of 14 days after written notice of the breach has been given to Purchaser. If GRC 20/20 reasonably believes you are in breach of the Licence GRC 20/20 may suspend your right to use GRC 20/20 content at any time.

On termination of a Licence to use our Reports:

  • all provisions of the Licence shall cease to have effect, except that any provision which can be reasonably inferred as continuing, or is expressly stated to continue, shall continue in full force and effect; and
  • Purchaser shall promptly return to GRC 20/20, or certify the destruction of the Report.

Privacy Policy

The information that Purchaser provides about itself to GRC 20/20 will only be used by us in accordance with our Privacy policy. Please read the Privacy policy carefully and if you have any questions please email [email protected]

Non-Solicitation of Personnel

In order to protect GRC 20/20 confidential information and business connections Purchaser covenants with us that Purchaser shall not directly or indirectly and either on Purchaser's own behalf or on behalf of or in conjunction with, any firm, company or person, for 6 months after the date of the Order, offer to employ or engage or otherwise endeavour to entice away from GRC 20/20 any person who is employed or engaged by us in the preparation of GRC 20/20 content contained in the Order.


All notices shall be given to GRC 20/20 via email at [email protected] or by post at the address referred to at the top of these Terms and Conditions; or to Purchaser at either the email or postal address provides during any ordering process.

Notice will be deemed received when an email is received (or else on the next business day if it is received on a weekend or a public holiday in the place of receipt) or 3 days after the date of posting.


The following words and expressions shall have the following meaning in these Terms and Conditions:

  • Affiliates: means in relation to the company name you specified on an Order, any company which is for the time being a holding company of that party or a subsidiary of that party or of any such holding company.
  • Force Majeure Event: any event arising that is beyond the reasonable control of the affected party (including any industrial dispute affecting any third party, governmental regulations, fire, flood, disaster, civil riot or war).
  • Intellectual Property Rights: means all intellectual property rights wherever in the world arising, whether registered or unregistered (and including any application) including copyright, know-how, confidential information, trade secrets, business names and domain names, any and all rankings, patents, design rights, database rights and all rights in the nature of unfair competition rights or rights to sue for passing off.
  • Licence: means as the case may be either the single-user licence or a corporate licence (as selected by you at the time of your Order) to any of our Reports subject to these Terms and Conditions.
  • Marks: means any and all of our or our licensor's trademarks, trade names, service marks, logos, URLs or identifying slogans and whether or not registered.
  • Order: means an order by Purchaser through our Website for any GRC 20/20 content in accordance with these Terms and Conditions.
  • Reports: means any of GRC 20/20 publlished research and articles which GRC 20/20 may from time to time publish.
  • Website: means our website at http://www.grc2020.com


In these Terms and Conditions:

  • Clause headings do not affect the interpretation of these Terms and Conditions.
  • References to clauses are (unless otherwise provided) references to the clauses of these Terms and Conditions.
  • Words in the singular include the plural and those in the plural include the singular.
  • References to including and include(s) mean respectively including without limitation and include(s) without limitation.
  • GRC 20/20 may transfer and/or assign GRC 20/20 rights and/or GRC 20/20 obligations under any Licence. This will not affect Purchaser rights under such Licence. Purchaser may not transfer any of Purchaser's rights or obligations under any Licence.
  • Nothing in these Terms and Conditions shall confer Purchaser rights on any other person.


If Purchaser breaches these terms and conditions and GRC 20/20 ignores this, GRC 20/20 will still be entitled to use GRC 20/20 rights and remedies at a later date or in any other situation where you breach these Terms and Conditions.

This agreement, together with the Privacy policy, represents the entire terms agreed between us in relation to its subject matter and may be amended only by our agreement in writing.

If either of us becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay to perform our obligations under any Licence such party shall forthwith notify the other and shall inform the other of the period for which it is estimated that such failure or delay shall continue. The affected party shall take reasonable steps to mitigate the effect of the Force Majeure Event.

All Licences are made solely for Purchaser benefit and they are not intended to benefit, or be enforceable by, any other person.

If any provision (or part of a provision) of these Terms and Conditions is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.

These Terms and Conditions shall be governed by the law of the State of Wisconsin

GRC 20/20 will try to solve any disagreements quickly and efficiently. If you want to issue court proceedings in relation to this agreement you must do so in the State of Wisconsin.