Rsam Platform Exemption Management
Innovation in IT GRC Technology
[tabs style=”default”] [tab title=”Executive Summary”]
Critical to a successful IT GRC process is the ability manage non-conformance and in that context exemptions and exceptions. Organizations require an integration of technologies and processes to manage the intricate relationships and presentation of IT GRC information and conformance to standards and controls. At a minimum, organizations need an accountable forms management process to document exemptions and exceptions and manage workflow for approval and follow up on them. Mature IT GRC programs will integrate an array of security and IT operations technology to detect and automate the identification of non-conformance and the process of documenting, approving, and managing exemptions and exceptions.
Rsam is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in changing, distributed, and dynamic business environments. GRC 20/20 has evaluated and verified the innovation found in Rsam Platform that enables their clients to extend and integrate a range of technologies to automate exemption and exception management processes. Their approach makes organizations more efficient, effective, and agile in automating and tracking what often is manual processes of exemption and exception management. In this context, GRC 20/20 has recognized Rsam with a 2015 GRC Innovation Award for the best technology innovation for IT GRC in 2015.
[/tab] [tab title=”Table of Contents”]
- Disaster Looms When Something Slips Through the Cracks
- The Multi-Headed Hydra of IT Risk
- Isolated Risk and Compliance Initiatives Introduce Greater Risk
- Unknown Exemptions & Exceptions Cost the Organization
- Rsam Platform Exemption Management
- Innovation in IT GRC Technology
- What the Exemption Management Innovation Is About
- How Is the Exemption Management Innovation Different?
- Benefits of Exemption Management
- Considerations in Context of Exemption Management
- About GRC 20/20 Research, LLC
- Research Methodology
[/tab] [tab title=”Author”]
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.