KuppingerCole Report
Market Compass
By Paul Fisher

IT-GRC Tools

The KuppingerCole Market Compass provides an overview of the product or service offerings in the IT-GRC Tools market. As organizations continue to embrace digital technologies, an IT GRC solution will enable organizations and businesses to create and organize GRC policies and controls, and assist organizations keep on top of an increasingly complex and changing regulatory environment. The report covers those tools that can assist organizations in reducing the risk of non-compliance.
By Paul Fisher

1 Management Summary

The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing t ...

Fundamentally an IT GRC tool forms an integral part of an organization’s overall compliance program and strategy. This strategy will vary depending ...

Login Get full Access

2 Market Segment

Login Get full Access

2.1 Market Description

Today’s GRC solutions offer better alignment with corporate objectives, increased transparency, better risk management and more cost-effective compl ...

Login Get full Access

2.2 Market Direction

The market for specific IT GRC tools is approximately 15 years old and until recently been dominated by several larger scale IT players including SAP, ...

This is a growing market driven by the need for security and compliance and the need to avoid fines but part of the growing need to refine business op ...

Login Get full Access

2.3 Capabilities

Although the IT-GRC market has some more mature sellers, there are some key differentiators between the different solutions from the growing number of ...

Login Get full Access

2.3.1 Basic Capabilities

Many capabilities can fall under the category of basic functionality, but some of the key capabilities to consider are as follows. The table highlight ...

Login Get full Access

2.3.2 Advanced Capabilities

We would recommend that buyers also consider the following capabilities when looking at IT-GRC solutions. Larger, more complex organizations may need ...

Login Get full Access

3 Vendors and Products

Login Get full Access

3.1 Vendors and Products Covered

C&F Adaptive GRC Suite
C&F is a business intelligence, data management, and Audit and Compliance Management solutions provider based in Warsaw, Polan ...

Login Get full Access

3.2 Featured Vendors

All vendors evaluated in this Market Compass have their different strengths and can meet both general and some narrow use cases. Still, we have identi ...

Login Get full Access

3.2.1 Featured for Capabilities: RSA Archer

RSA Archer is one of the best-known IT-GRC solutions on the market and one of the longest serving. It’s no surprise then that it is also one of the ...

Login Get full Access

3.2.2 Featured for Capabilities: SAP GRC

SAP’s IT GRC solution is not a single product, but it can be configured from constituent parts to create an IT-GRC solution to suit organizations of ...

Login Get full Access

3.2.3 Featured for Innovation: ServiceNow

It’s a logical step for digital workflow vendors to start offering IT-GRC functions as part of their platforms and ServiceNow has done well to integ ...

Login Get full Access

3.2.4 Featured for Innovation: Workiva

Part of a new trend for cloud-based workflow and service desk solution providers to provide IT-GRC functions, Workiva gives us a glimpse of the future ...

Login Get full Access

3.2.5 Featured for Ease of Use: Logic Manager Platform

While Logic Manager Platform is not a traditional bells and whistles platform its unique approach to interface design has paid off. By inviting end us ...

Login Get full Access

3.3 Vendors to watch

Besides the vendors covered in detail in this document, we observe some other vendors in the market that have credible IT-GRC capabilities in the mark ...

Login Get full Access

4 Ratings at a glance

All the products in the Market Compass have been given a rating for key features. Most do well in traditional IT-GRC feature areas but in one area mos ...

Login Get full Access

5 Product Details

Spider Graphs

In addition to the ratings for our standard categories we add a spider chart for every vendor we rate, looking at specific capabilitie ...

Login Get full Access

5.1 C&F

C&F is a business intelligence, data management, Audit and Compliance Management solutions provider based in Warsaw, Poland. It was founded in 1999 an ...

Login Get full Access

5.2 CISS

CISS is a small software business based in Switzerland. It’s 360inControl suite comprises GRC, Information security management and audit management ...

Login Get full Access

5.3 IBM

IBM is one of the world’s biggest software and services providers. Headquartered in Armonk, USA, it has focused in recent years in adding AI to many ...

Login Get full Access

5.4 LogicManager

Logic Manager was founded in 2005 and is based in Boston, Massachusetts. The company specializes in Enterprise Risk Management (ERM) software based on ...

Login Get full Access

5.5 Reciprocity

Reciprocity, the maker of ZenGRC, is headquartered in San Francisco with offices in Europe and South America and was founded in 2009. ZenGRC is an end ...

Login Get full Access

5.6 RSA Security

RSA is a security company and subsidiary of Dell Technologies, headquartered in Bedford, US. It has been offering integrated GRC solutions since 2010 ...

Login Get full Access

5.7 SAP

SAP is one of the of the world’s largest providers of enterprise software, headquartered in Walldorf, Germany. SAP’s IT GRC solution is not a sing ...

Login Get full Access

5.8 ServiceNow

ServiceNow is a digital workflow platform provider headquartered in Santa Clara, US. Its GRC solution is an extension to its core product. ServiceNow ...

Login Get full Access

5.9 Workiva

Workiva is an enterprise software company based in Iowa, USA. Like others in this Market Compass it does not provide an IT GRC solution out of the box ...

Login Get full Access



© 2021 Kuppinger Analysts AG. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice.

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.