Compare and Evaluate

Governance, Risk and Compliance

GRC software provides an integrated, overall view of an organization’s governance, risk and compliance activities in order to minimize financial, legal and other liabilities. Together they provide for a coordinated approach and ensure that the organization is managing its risk factors and is compliant with all laws and regulations under which it operates.​

Data Quadrant report cover

The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

These include:

  • User Satisfaction Rankings
  • Business Value Scores
  • Vendor Capability Comparisons
  • Product Feature Evaluations
Emotional Footprint report cover

The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

These include:

  • Strategy and Innovation
  • Service Experience
  • Conflict Resolution
  • Product Impact
  • Negotiation and Contract

Still need assistance?

We're here to help you with understanding our reports and the data inside to help you make decisions.

Governance, Risk and Compliance Data Quadrant
Powered by Info-Tech Research Group
Powered by Info-Tech Research Group

Next Award: January 2021

Latest Award Icon
Governance, Risk and Compliance Emotional Footprint Awards

Write a review to help crown the next winner in Governance, Risk and Compliance, then follow us on LinkedIn to get notified about the results. For every approved review you will receive some compensation for your time and effort.

Latest Award: July 2020

Latest Award Icon

See the most recent winners of our SoftwareReviews Data Quadrant Awards. View our Gold Medalists and compare top vendors using our free downloadable reports.

Latest Research

6
Aug

Author: Christine Coz (Info-Tech)

By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.

Governance, Risk and Compliance Products

Filter by:

Data QuadrantReport

A thorough evaluation and ranking of all software to compare software across every dimension.

Data Quadrant Report report

Emotional FootprintReport

A detailed and unique report that captures a powerful indicator of overall user feeling toward the vendor and product.

Emotional Footprint Report report
Badge Winner

Onspring Technologies

Onspring Governance, Risk & Compliance Suite

Flexible, cloud-based GRC platform from Onspring. Easily manage and share information, monitor processes in real time and create reports with improved efficiency and integrity, all within a no-code environment. Whether you’re leaving an existing platform or implementing GRC software for the first time, Onspring has the technology, transparency and service-minded approach you need to rapidly achieve your goals.

9.2

Composite Score

9.2

CX Score

+93

Emotional Footprint

96%

Likeliness to Recommend

21

Reviews

Badge Winner

Reciprocity

ZenGRC

ZenGRC -- the first, easy-to-use, enterprise-grade information security solution for compliance and risk management -- offers businesses efficient control tracking, testing, and enforcement.

8.1

Composite Score

8.5

CX Score

+90

Emotional Footprint

75%

Likeliness to Recommend

16

Reviews

Badge Winner

SAP

SAP GRC

Adapt quickly to changes in the economy, technology, and regulations to strengthen your business with software for governance, risk, and compliance (GRC).

8.0

Composite Score

8.1

CX Score

+80

Emotional Footprint

81%

Likeliness to Recommend

31

Reviews

Badge Winner

Oracle

Oracle GRC

Only Oracle Fusion Governance, Risk, and Compliance (GRC), a component of the Oracle Fusion Applications suite, provides a complete enterprise GRC platform that gives you the power to discover, manage and enforce.

8.0

Composite Score

8.0

CX Score

+82

Emotional Footprint

83%

Likeliness to Recommend

41

Reviews

Dell EMC

RSA Archer Suite

RSA Archer Suite empowers organizations to manage multiple dimensions of risk on one platform with on-premises and SaaS offerings, and quickly implement industry-standard processes and best practices for advanced risk management maturity, informed decision-making and enhanced business performance.

7.7

Composite Score

7.9

CX Score

+77

Emotional Footprint

75%

Likeliness to Recommend

15

Reviews

NAVEX Global (formerly LockPath)

Lockpath Integrated Risk Management Platform

NAVEX Global's Lockpath is a powerful, flexible, integrated GRC platform that enables integrated risk management and is built to scale.

7.7

Composite Score

7.9

CX Score

+78

Emotional Footprint

77%

Likeliness to Recommend

16

Reviews

LogicGate Inc

LogicGate Risk Cloud

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

7.6

Composite Score

7.8

CX Score

+77

Emotional Footprint

77%

Likeliness to Recommend

18

Reviews

IBM

IBM OpenPages GRC Platform

IBM® OpenPages® GRC Platform is an integrated governance, risk and compliance platform that enables companies to manage risk and regulatory challenges across the enterprise.

7.5

Composite Score

7.6

CX Score

+69

Emotional Footprint

78%

Likeliness to Recommend

21

Reviews

Verizon Communications Inc

Verizon GRC Services

Create an effective governance, risk, and compliance (GRC) approach that can help you better comply with security requirements, control risk, and build customer loyalty. And assess, establish, and—most importantly—maintain compliance across your organization, despite complications such as changing and overlapping security regulations and standards, differing interpretations, and a lack of uniformity in compliance efforts.

7.4

Composite Score

7.1

CX Score

+71

Emotional Footprint

83%

Likeliness to Recommend

10

Reviews

MetricStream

MetricStream GRC

MetricStream GRC is the technology infrastructure that modern and digital organizations are relying on to design an integrated GRC architecture that can be embedded into the fabric of the enterprise. Built on cloud-based, open-standard technologies using J2EE and XML architecture, MetricStream GRC Platform enables rapid deployment of GRC Apps that provide a pervasive approach to governance, risk, and compliance.

7.3

Composite Score

7.3

CX Score

+75

Emotional Footprint

68%

Likeliness to Recommend

14

Reviews

ServiceNow

ServiceNow GRC

ServiceNow GRC harnesses the ServiceNow service management platform to enhance visibility and orchestrate cross‑functional GRC processes, detect and assess risks in real time, streamline and operationalize compliance controls, and accelerate the mean time to mitigate risks.

6.1

Composite Score

6.1

CX Score

+45

Emotional Footprint

69%

Likeliness to Recommend

12

Reviews

SAI Global Pty Ltd

SAI Global Compliance 360

Compliance 360® is a comprehensive software solution that streamlines governance, risk, compliance and internal audit process for organizations of all sizes and geographic diversity. Compliance 360 is designed to make compliance, risk and audit management easier, less costly, and much more manageable – even for organizations in highly regulated industries.

5.9

Composite Score

5.4

CX Score

+40

Emotional Footprint

66%

Likeliness to Recommend

16

Reviews

Infor

Infor Approva Continuous Modeling

Infor Approva Continuous Monitoring enables you to execute repeatable and reliable processes to meet the control aspects of Governance, Risk and Compliance (GRC) requirements for your organization.

--

Composite Score

8.8

CX Score

+99

Emotional Footprint

67%

Likeliness to Recommend

3

Reviews

LogicManager Inc

Logic Manager ERM Software

Logic Manager ERM Software is a risk management software specializing in regulatory compliance, audit management and financial/market risk management.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Cura Software

Cura GRC Management Suite

Cura provides software solutions designed to enable businesses to get the benefits of Governance, enterprise wide Risk management and Compliance (GRC).

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Quantivate

Governance, Risk and Compliance Management Suite

Quantivate features a suite of integrated GRC software modules for Business Continuity, Vendor Management, Enterprise Risk Management, IT GRC, Internal Audit, and Regulatory Compliance Manager.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

AlignAlytics

Align GRC

The backbone of the Align GRC platform is a unified enterprise map, the Align Framework, which utilizes a flexible database to capture siloed information about people, processes, systems and unifies them with strategies, risks and performance goals.

--

Composite Score

8.4

CX Score

+92

Emotional Footprint

78%

Likeliness to Recommend

1

Reviews

CMO Software

CMO Compliance

The CMO COMPLIANCE Compliance Software Solution automates all steps in the compliance management process, tracking responsibilities and due dates for legal and non legal compliance obligations. The solution includes the ability to map compliance requirements and obligations to an organisational hierarchy.

--

Composite Score

8.8

CX Score

+100

Emotional Footprint

100%

Likeliness to Recommend

1

Reviews

Enablon

Enablon Enterprise Risk Management

From identifying and managing strategic and tactical risks, to strengthening controls and processes, learn how Enablon solutions can help you reduce risk, ensure compliance and improve performance.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Modulo

Modulo Risk Manager

Using Modulo solutions for GRC, organizations create business-relevant quantitative & qualitative reports on identified leading and trailing risk indicators to help prioritize actions and support decision-making.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

SAI Global Pty Ltd

BWise GRC Platform

BWise, provides a leading enterprise governance, risk management and compliance (GRC) platform that enables organizations to be in control of all of their key financial and reputational risks, including the risk of non-compliance.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

RSAM

RSAM GRC

Rsam GRC centralizes information from disparate sources into an integrated, object-oriented risk framework to track all risks, controls and remediation activities.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Software AG

ARIS GRC Platform

Software AG's ARIS Governance, Risk & Compliance Management Platform enables enterprises to confidently meet internal and external legal requirements and standards while efficiently managing risks.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Aegify Inc.

Aegify RSC Suite

Today, the Aegify Suite is a unique unified solution that operates at the intersection of security, compliance and risk management for healthcare, retail and financial organizations.

--

Composite Score

--

CX Score

+77

Emotional Footprint

78%

Likeliness to Recommend

1

Reviews

Protiviti

Protiviti Enterprise GRC Solutions

The right GRC solution for aligning sound governance with business performance.

--

Composite Score

9.2

CX Score

+96

Emotional Footprint

89%

Likeliness to Recommend

2

Reviews

Load More

All Research

Latest Research

6
Aug

Author: Christine Coz (Info-Tech)

By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.

Latest Research

5
Aug

Author: Isaac Kinsella (Info-Tech) &
Jimmy Tom (Info-Tech)

Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.

Latest Research

5
Aug

Author: Scott Bickley (Info-Tech)

IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.

Latest Research

23
Jul

Author: Isaac Kinsella (Info-Tech)

RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.

Latest Research

20
Jul

Author: Isaac Kinsella (Info-Tech)

Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.

Latest Research

17
Jul

Author: Christine Coz (Info-Tech)

Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.

Latest Research

15
Jul

Author: Isaac Kinsella (Info-Tech)

On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.

Latest Research

10
Jul

Author: Isaac Kinsella (Info-Tech)

COVID-19 has changed a great deal about how businesses operate. From a security perspective, however, COVID-19 caught many businesses off guard. The shift from working in the office to working from home has made it difficult for security measures to keep pace. Specifically, how are businesses meant to maintain the same secure networks when their employees are no longer working in the office? Outside of the security of the IT departments, IT and security have a tough time ensuring that patching and vulnerability management remain at the forefront of a business’s priorities.

Latest Research

10
Jul

Author: Christine Coz (Info-Tech)

From employee management through leadership and communication, increased cyber threats, logistics and operations to post-pandemic planning and risk mitigation, the threat landscape has experienced enormous change. These noticeable shifts force us to consider rethinking and retooling how we address risk.

Latest Research

10
Jul

Author: Christine Coz (Info-Tech)

In an interview with Allison Furneaux, VP Marketing at CyberSaint Inc., developers of CyberStrong Integrated Risk Management platform in June 2020, Allison indicated that its focus has been on cybersecurity from the beginning.

Latest Research

10
Jul

Author: Christine Coz (Info-Tech)

LogicGate is a governance, risk and compliance automation platform offered by LogicGate Inc., headquartered in Chicago, that helps organizations to automate their risk processes.

Latest Research

10
Jul

Author: Christine Coz (Info-Tech)

I recently had the opportunity to speak with Jason Rohlf, VP Solutions, Mark Scheinkoenig, VP Commercial Sales, and Emily Figg, VP Marketing about their GRC solution at Onspring to discuss the product audience and upcoming features.

Latest Research

26
Jun

Author: Christine Coz (Info-Tech)

The Department of Justice is looking to acquire a GRC tool for the Office of the CIO within the FBI’s Enterprise Information Security Section.

Latest Research

17
Jun

Author: Cassandra Cooper (Info-Tech)

The International Association of Privacy Professionals (IAPP) has released its 2020 Privacy Tech Vendor report, reviewing key software solution vendors within the space. This year’s report highlighted the recent addition of Data Subject Request (DSR) to the feature categories.

Latest Research

8
Jun

Author: Cassandra Cooper (Info-Tech)

In early March, Titus released Titus Illuminate 2020, which was the company’s answer to the question of analyzing data at rest. This latest version of Illuminate leverages machine learning and AI in an effort to manage data that contains potentially sensitive or high-risk personal information.

Latest Research

29
May

Author: Logan Rohde (Info-Tech)

PHEMI is a data privacy solution focused on keeping data-processing activities secure by redacting information based on the role of the accessor. Thus, allowing such data to be used for multiple use cases without compromising privacy.

Latest Research

27
May

Author: Isaac Kinsella (Info-Tech)

Kenna Security deployed their new data driven vulnerability management program, Kenna.VM and accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created with the purpose to set service-level agreements (SLAs) with risk tolerance in mind.

Latest Research

13
May

Author: Christine Coz (Info-Tech)

“Connected reporting capabilities, control testing, real-time collaboration, cloud-based access, stringent security measure and permissions controls” are considered the leading factors behind CFGI offering Workiva to its clients.

Latest Research

11
May

Author: Isaac Kinsella (Info-Tech)

We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.

Latest Research

30
Apr

Author: Isaac Kinsella (Info-Tech)

Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, more so is IBM’s response when addressed. The company simply stated, “It’s out of scope.” – meaning it had no intention to rectify or address the issue.

Latest Research

30
Apr

Author: Isaac Kinsella (Info-Tech)

The Internet of Things is increasingly embedded with our daily lives. While these devices make life more accessible, for every new device, a new attack vector for cyberattackers is created.

Latest Research

23
Apr

Author: Isaac Kinsella (Info-Tech)

Qualys VMDR has hit the live market. Originally unveiled in February 2020 at Qualys Security Conference, VMDR is now publicly available as of April 16, 2020. Partnering with both large and small MSSPs, VMDR is designed to be scalable to any business enterprise and to automate the entire management cycle on all endpoints.

Latest Research

22
Apr

Author: Christine Coz (Info-Tech)

In March 2020, ZA Bank, Hong Kong’s first virtual bank, selected the OneSumX solution from Wolters Kluwer for regulatory reporting.

Latest Research

20
Apr

Author: Christine Coz (Info-Tech)

In a move to better respond to digital risk resulting from digital transformation and innovation priorities, RSA has updated the RSA Archer and NetWitness Platforms.

Latest Research

15
Apr

Author: Natalie Sansone (Info-Tech)

ServiceNow’s Orlando release introduced Now Intelligence, a set of features that strengthen ServiceNow’s lead in the AI-powered IT service management (ITSM) and digital transformation space.

Latest Research

1
Apr

Author: Cassandra Cooper (Info-Tech)

Since its acquisition of Rsam in 2019, Galvanize (formerly ACL) has maintained its high-quality delivery of cloud-based security, risk management, compliance, and audit software. Recognized as one of Canada’s Best Managed Companies, Galvanize’s comprehensive product offerings have not gone unnoticed.

Latest Research

29
Mar

Author: Christine Coz (Info-Tech)

RSA Archer, a leader in the governance, risk, and compliance space has been acquired by Symphony Technology Group, based in Palo Alto, California. Symphony, a private equity firm, has investments in a cross section of companies in the analytics space, HR and recruitment, and supply chain among many others.

Load More