Considerations in Selection of IT GRC Management Solutions
Organizations are under intensifying pressure to govern IT operations, manage IT risks, and meet IT compliance obligations. To address these challenges, solutions have evolved over the past decade with varying capabilities and scope. Some of these solutions offer IT GRC as a module in a broader Enterprise GRC platform, while others offer a solution solely focused on IT GRC.
But what is IT GRC? How is it changing? What should organizations be aware of as they look for solutions today that will also be viable for tomorrow?
In this Research Briefing, GRC 20/20 provides a framework for organizations evaluating or considering IT GRC platforms.
- Defining & Understanding IT GRC
Definition, Drivers, Trends & Best Practices
- Critical Capabilities of an IT GRC Platform
What Differentiates Basic, Common, & Advanced Solutions
- Considerations in Selection of IT GRC Platforms
Decision Framework & Considerations to Keep in Mind
- Building a Business Case for an IT GRC Platform
Trajectory of Value in Effectiveness, Efficiency & Agility
The GRC Pundit will help organizations . . .
- Define and scope IT GRC
- Understand IT GRC drivers, trends, and best practices
- Relate IT GRC to Enterprise GRC
- Identify core features of basic, common, and advanced IT GRC solutions
- Map critical capabilities needed in an IT GRC platform
- Predict future directions and capabilities in IT GRC
- Scope the types of IT GRC platforms in a decision-tree framework
- Discern considerations to keep in mind as they evaluate IT GRC platforms
- Build a business case for an IT GRC Platform
This Research Briefing is intended to assist . . .
- IT Risk Managers, IT Compliance, IT Audit, IT Security, IT Architecture
- GRC solution providers offering IT GRC Platforms
- GRC professional service firms advising organizations on IT GRC
- GRC content & intelligence providers that provide IT GRC content and templates
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC,” being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.