Technology advisory firm Forrester Research has released its latest Forrester Wave for Governance, Risk, And Compliance Platforms, Q1 2020. This year’s report emphasizes the fact that firms must keep up with the pace of modern innovation. According to Forrester, compliance is no longer a static set of requirements, and risks are evolving at an unprecedented pace. GRC platforms must enable risk professionals to work at scale and at the current pace of innovation.
For GRC customers, there are three major factors they should be focusing on when choosing the right provider for their organization. First, their chosen vendor needs to leverage artificial intelligence, machine learning, and predictive analytics. Second, the vendors need to employ user-centric strategies across the board. Third, a GRC customer’s chosen vendor needs to be dedicated to program success beyond simple deployment.
In their 22-criterion evaluation of GRC platform providers, Forrester researchers Alla Valente, Renee Murphy, Amy DeMartine, Matthew Flug, and Peggy Dostie identified the 12 providers whom they consider the most significant in the category: Enablon; Galvanize; IBM; LogicManager; MetricStream; NAVEX Global; Riskonnect; RSA, a Dell Technologies Company; SAI Global; SAP; Service Now; and Workiva.
The Wave Report details their findings and examines how each vendor meets (or falls short of) Forrester’s evaluation criteria and where vendors stand in relation to each other.
In order to help buyers select the right tools, the Wave Report outlines the current state of the market for top technologies and businesses, and separates the top providers into leaders, strong performers, contenders, and challengers. At Solutions Review, we’ve read the report, available here, and pulled a few of the most important takeaways.
Galvanize, ServiceNow, and LogicManager Rise to the Top as Leaders
Galvanize, formerly known as ACL, is capitalizing on its recent acquisition of Rsam. Its HighBond platform combines Rsam’s capabilities for collecting and operationalizing data with powerful analytics and robotics process automation. It has also recently achieved FedRAMP Moderate authorization. ServiceNow is highly focused on driving user adoption and engagement, and has designed workflows to contextualize the user experience. With built-in features like a mobile app design studio and natural language processing, ServiceNow enables its customers to build strong GRC strategies. LogicManager stands out from the crowd with its no-cost professional services which include unlimited support, mentoring, and access to LogicManager University. With an updated UI, flexible workflow, and strong productivity features, LogicManager has earned its place in this report.
Six Major Vendors Earn Rank as Strong Performers
Workiva has steadily improved its risk management capabilities and can support all core GRC use cases; its strengths include a multitenant, cloud-native application with no legacy code, ODBC access that strengthens data collaboration, and FedRAMP LI-SaaS authorization. This vendor’s technical support has also been cited as exceptional. IBM’s OpenPages platform provides advanced analytics capabilities that support enterprise, operational, and IT risk with good visualization capabilities and a strong partner ecosystem. Riskonnect’s platform, built on Force.com, is highly configurable, utilizing Salesforce’s library of connectors to bring in data from other tools. It enables customers to close the loop on enterprise risk management, integrating an RMIS offering that supports insurance claims, health and safety, and a variety of GRC use cases.
SAI Global has recently acquired regulatory compliance vendor BWise, and continues to be a strong player in traditional GRC use cases like policy management and audit. This vendor stands out by embedding eLearning into its SAI360 platform and integrating with SAP data for audit. NAVEX Global’s Lockpath platform has multiple strengths, including a content library of controls cross-mapped to multiple regulatory frameworks and standards, policy templates and best practices, as well as support for mapping of any relevant data points. MetricStream has continued to be a strong performer in the space with its wide customer base, robust partner network, and unique usage of AI to recommend remediation based on the type of vulnerability.
RSA and SAP Stand Out As Contenders, Enablon as Sole Challenger
RSA’s Archer Suite supports many GRC use cases but stands out when it comes to core IT risk management capabilities. Platform strengths include RSA Link, an active user community, and risk quantification through integration with RiskLens. SAP provides solutions with powerful risk management and analytics that work particularly well alongside other SAP backend products. It offers particularly strong audit management capabilities, and its ERP cloud is a good choice for benchmarking. SAP also supports several advanced analytics applications, and offers strong CISO dashboards.
Enablon’s innovation focuses on environmental, health, and safety (EHS). Its Safe Operations solution utilizes AI to leverage geolocation data to predict where a breach might occur, and NLP to mine unstructured data in the platform and make contextual recommendations for action plans.
Looking for more? Download our Enterprise Resource Planning Buyers Guide for free to compare the top-24 products available on the market with full page vendor profiles, key capabilities, an ERP software market overview, our bottom-line analysis, and questions for prospective buyers.