SAP Governance, Risk, Compliance (GRC), and Cybersecurity

Workflow Management

A customizable interface that allows you to define, publish and manage workflows associated with the stages and actions which form your risk.

Risk Management

The identification and evaluation of risks followed by coordinated application of resources to minimize, monitor and control the probability of negative effects

Asset Management

The ability to integrate with a discovery tool to identify assets in scope of the governance program and to track risks and remediation activities.

Reporting and Dashboards

Customizable and standard reporting aligned with operational, compliance, and audit requirements. Dashboard information that is role based and customizable.

Policy Management

The creation, update, communication, and acknowledgement tracking of policies and their supporting standards and procedures where applicable.

Audit and Compliance Management

The identification of control objectives defined by mandatory or voluntary frameworks or standards applicable to a business and the assessed alignment.

Incident Management and Remediation

The ability to integrate risk remediation actions, and create incidents resulting from identified vulnerabilities into an incident management system

Threat and Vulnerability

The collection and correlation of threat and vulnerability information from internal and external knowledge sources and tools to assess vulnerability

Vendor Management

A centralized process for managing the vendor portfolio, assessing vendor risk and tiering, and for completing the remediation life cycle.

Quality of Features

Feature quality is just as important as quantity. Use this data to determine if this product will do what you're purchasing it to do, easily, intuitively, reliably, and effectively.

Availability and Quality of Training

Effective and readily available training enables users to get the most out of the software you've chosen. Use this section to make sure your vendor's training programs and materials measure up.

Ease of IT Administration

This data indicates whether IT personnel will be able to resolve issues and perform configurations efficiently and effectively.

Vendor Support

The importance of vendor support will vary for each organization depending on internal capabilities, but there will always be issues that only the vendor can resolve.

Breadth of Features

Users prefer feature rich software that enables them to perform diverse series of tasks. This data expresses user satisfaction with the product's breadth of features.

Usability and Intuitiveness

End user learning curves cost the organization money. Pay attention to your end users' technical ability to determine how important UX is in your purchase.

Business Value Created

Software needs to create value for employees, customers, partners, and, ultimately, shareholders. This data expresses user satisfaction - or lack thereof - with the product's business value.

Ease of Data Integration

Use this data to determine whether the product will cause headaches or make data integration easy.

Ease of Implementation

Successfully implementing new software is necessary to realize its full value and promote end user adoption. This data indicates whether or not the product is easy to implement.

Product Strategy and Rate of Improvement

Vendors who don't stay on top of emerging needs and trends won't enable you to meet your business goals. Use this data to separate innovators from imposters.

Ease of Customization

Don't get bogged down in a difficult customization; use this data to make sure you can easily achieve the functionality you need for your particular situation.