GRC technology innovation is alive and well!

As I mentioned in last week’s posting, the GRC market is now 10 years old. It was in February 2002 that I first modeled a market for technology and professional services and labeled it GRC while I was at Forrester Research (at the time GiGa Information Group). It is exciting to see GRC technology continue to evolve to make GRC processes agile, efficient, and effective!

GRC technology has continued to expand and grow. Corporate Integrity’s inaugural GRC Technology Innovation awards illustrate the diversity of technologies that are expanding GRC into new areas where no technology has gone before.

Over the past few months, Corporate Integrity has received dozens of nominations for the awards. Most nominations are worthy of mention — they illustrate how technology is being used and advanced. However, most of the submissions were focused on why a vendor has a stronger feature set and not necessarily on how it is paving new ground for GRC technology.

After combing through dozens of nominations, Corporate Integrity is pleased to announce the following 10 GRC Technology Award recipients. Some of these recognitions go to established vendors — others go to up-and-comers. Some have mature offerings, others still need some polish — all are advancing GRC into new areas. The current award recipients show thought leadership and unique solutions delivering innovative technology to organizations.

The 2012 GRC Technology Award recipients are:

  • AlertEnterprise: Enterprise Identity and Access Management Security Convergence Solution. The AlertEnterprise Enterprise Identity and Access Management Security Convergence Solution (EIAM Solution) delivers a next-generation identity and access management (IAM) solution. The solution enhances traditional IAM fulfillment capabilities with built-in identity and access governance. It enables self-service capabilities to automate access requests, enforce policies, ensure compliance, enable delegated administration, and generate roles-based dashboards and reports. AlertEnterprise combines the best of IAM with compliance automation to reduce security risks and eliminate costly violations in both physical and logical access environments.
  • Catelas: People Governance Solution. Catelas is the world’s first solution that focuses exclusively on GRC challenges with a company’s employees and partners, and their collective communications (email, voice, IM, etc.), a.k.a., people governance. The volume of communications has made it challenging for compliance officers to holistically audit or monitor for potential infractions (e.g., insider trading, fraud, corruption, IP theft). Catelas has introduced an innovative approach that enables companies to review, audit and monitor corporate communications. This allows compliance officers to effectively review or monitor the company’s communications network and identify potential irregularities, based on relationships.
  • CMO Compliance: Mobile Audit, Risk and Compliance Software. CMO Compliance provides a suite of offline mobile solutions, including iPad/iPhone/iPod Touch apps, to support audit and compliance processes. The mobility compliance and audit software allows corporations to improve operational efficiencies for GRC. The iPad/iPhone apps allow field data collection, with intuitive interfaces that simplify and streamline compliance management, audits, inspections, assessments and reviews for field personnel, providing the ability to view and submit documents offline, manage actions, and capture and annotate photos for evidence and findings.
  • HiSoftware: Security Sheriff™ SP. HiSoftware Security Sheriff SP makes SharePoint safe for even the most sensitive enterprise data: from personally identifiable information (PII) to protected health information (PHI) to prerelease financials, strategic product information, HR data and more. Security Sheriff SP focuses on content awareness and content governance, so it determines access not by location but by what information it contains. It then applies governance rules to that information depending on who accesses it when and from where. Security Sheriff SP scans information, reports its status to management, classifies the information and then acts upon it, taking the actions necessary to keep it safe.
  • LockPath: Keylight GRC platform. LockPath has implemented the next-generation GRC content architecture that provides a less cumbersome way to achieve the true promise of enterprisewide GRC. The Keylight platform provides real-time, regulatory and risk intelligence with actionable context-aware integration of content. Based on a flexible architecture, Keylight is highly scalable, and provides unprecedented correlation capabilities, delivering integrated risk and regulatory intelligence through a streamlined user experience. LockPath has the broadest content integration capabilities and provides the first complete end-to-end integration and harmonization of the unified compliance framework and shared assessments content libraries with customer-created content.
  • Pneuron: Real-time distributed GRC analytics. Pneuron provides the unique ability to configure and deploy in real time, for any GRC function, component, product, rule, model or analytics from any source (third-party, proprietary or developed) to any system or set of systems without the need for an intermediary database, data mart or common data model. Pneuron enables the creation of new GRC capabilities and direct interaction with existing systems with minimal adjustments. The result — real-time globally deployed analysis, interdiction, workflow integration and enterprise intelligence.
  • QCC Information Security: Blackthorn GRC. Blackthorn GRC enables risk to be presented in a clearer, repeatable and graphical way. Risk is understood and analyzed within Blackthorn through the use of “trees.” In Blackthorn, the approach is to use drag-drop functionality to build risk models using objects (threats, threat agents, exploits and vulnerabilities, impacts, controls, etc.). The models are built underneath each critical business asset. Because risk models are built around assets and represented in trees, it has the ability to aggregate risk totals up the tree, with total risk for the organization viewable from any level. Blackthorn represents risk models so they are fed with data from a range of activities, both proactive (assessments, audits, reviews, etc.) and reactive (incidents, cases, breaches, etc.). This makes the risk results both real-time and more reliable.
  • QUMAS: ComplianceSP. QUMAS ComplianceSP on SharePoint 2010 is an innovative compliance management solution, combining the power of SharePoint 2010 with the proven regulatory domain expertise of QUMAS. Combined with preconfigured solutions for managing documents, processes, people and tasks, ComplianceSP on SharePoint 2010 delivers an innovative solution that can manage a wide range of compliance activities on the latest technologies. QUMAS ComplianceSP is fully Web-based, ensuring anytime/anywhere access to critical compliance activities, all secured by role and permission-based access. It integrates seamlessly and leverages the wider Microsoft environment, including Office, Outlook and Silverlight and other elements of the Microsoft technology stack.
  • SAP: Mobile GRC solutions. SAP is empowering the mobile GRC workforce by delivering more consumable GRC information and processes. This enables users to manage risk and compliance via mobile devices. The SAP GRC Access Approver mobile application facilitates review, time-sensitive approvals and operation-critical access requests for managers, allowing authorized employees to gain access to systems and continue their work in a timely manner. With the SAP GRC Policy Survey mobile application, employees can keep track of the latest policy changes that impact their areas of the organization and complete policy-related surveys and attestations.
  • SAP: Risk Bow-Tie Builder. The SAP risk bow-tie builder allows users to visualize and maintain risks in the recognized “bow-tie” format using simple drag-and-drop capabilities. The scope of each risk as well as the causes and effects can be created, maintained and visualized. The visual representation of risk allows managers and executives throughout the typical enterprise to easily understand risk concepts. It is an effective tool to convey the importance of risk management across the organization to those that lack risk management expertise. It delivers the ability for risk managers to engage and have valuable conversations with managers and executives regarding risk. The risk bow-tie builder is revolutionary as it provides an easy-to-understand summary risk visualization with all the supporting details that management can understand and take action on.

Please share your comments, thoughts, experiences, and reflections on GRC technology innovation.  Go ahead – comment below on others that are doing great things (just avoid the better mouse trap argument – post what is truly innovative and breaking new ground).  Let the recognition of those above be the start of a great thread of conversation on other GRC technology innovations.  I am eager to hear . . .

