KNOWLEDGE BRIEF

Rsam is Recognized as 2018

Technology Leader in the GRC
Platforms Market

KNOWLEDGE BRIEF
BY
Rsam is Recognized as 2018 Technology Leader in the GRC
Platforms Market

Quadrant Knowledge Solutions recent analysis of the global GRC platform market
provides strategic information to the technology vendors in formulating their growth
strategies and users in evaluating different vendors capabilities, competitive
differentiation, and market position. The research includes an in-depth analysis of
major GRC Platform vendors evaluating their platform capabilities, market presence,
and overall value proposition. The evaluation is based on primary research with expert
interviews, analysis of use cases, and Quadrant’s internal analysis of the overall GRC
platforms market.

This study includes analysis of key GRC vendors including Enablon, IBM, LockPath,
LogicManager, MetricStream, Nasdaq BWise, Navex Global, Resolver, RSA Archer,
Rsam, SAI Global, SAP, ServiceNow, and Thomson Reuters. Each of these vendors has
comprehensive product offerings, strong value propositions to support diverse range of
GRC use cases, and market & technology strategies to support future market needs.

Market Dynamics and Trends

GRC platforms market is expected to grow significantly during 2018-2023

Globally, the GRC platforms market is growing rapidly. The market growth is
primarily driven by ever-growing complexities of regulatory compliance, increasing
concern for privacy and intellectual property protection, growing internal and external
threat landscape, and cybersecurity concerns. Users are increasingly viewing GRC
solutions as a strategic investment and an enabler for ensuring business practices,
operating models, and corporate behaviors are socially accepted by employees,
partners, stakeholders, and the public at large.

GRC software enables organizations to integrate and manage processes and data to
effectively meet company objectives related to governance, risks, and compliance
management. All major integrated GRC platform vendors provide key GRC
functionalities, including enterprise risk management, compliance management, audit
management, vendor risk management, business continuity management, IT
governance & security, risk analytics, reporting, and visualization, and such others.

The following are the key research findings of Quadrant’s GRC platforms research:

 GRC platforms market is expected to grow significantly in the next five to six
years from the market size of $5.10 billion in 2018 to over $14.79 billion by

Copyright 2018 © Quadrant Knowledge Solutions Private Limited

For Citation, info@quadrant-solutions.com
 2023. The global GRC platforms market is expected to grow at a compound
annual growth rate (CAGR) of 19.6% during forecast period of 2018 to 2023.

 Though the GRC market is primarily dominated by on-premise deployments,

the market is rapidly moving towards cloud-based deployment. By the year
2021, SaaS-based GRC deployment is expected to be the primary market
contributor capturing over half of all the total GRC deployments. By the year
2023, SaaS-based GRC is expected to contribute 59.6% of the total market
compared to 40.4% for an on-premise deployment. Majority of the large
organizations are adopting a hybrid approach to get the benefits of rapid
scaling as well as safeguarding their processes and applications against major
disruptions. Users may move majority of the applications on the public cloud
and most of the business-critical applications on the private cloud depending
on the factors including scalability and responsiveness of the applications.

 Majority of the popular GRC platforms include the core functionalities of

enterprise risk management, compliance management, IT governance, Audit,
security management. Some of the key competitive and technology
differentiators include breadth of GRC platform capabilities, ease of
deployment & use, ease of workflow creation and ease of making changes,
content management, and sophistication of analytics & reporting.

 Automation is emerging as the most prominent trend in the overall

information security and risk management technology market. Users are
increasingly looking at automation solutions not only to manage routine
financial and accounting processes but also to manage financial controls
against frauds, abuse, and errors. Automation in risk and compliance
management processes, including continuous monitoring of all processes and
workflows, updating industry standards and regulatory content, and such
others can help organizations in improving productivity and optimize human
involvement while ensuring regulatory compliance and integrity of financial
processes.

 Integrated GRC vendors are embracing artificial intelligence (AI) and machine
learning technologies to facilitate organizations understand and anticipate
risks in various enterprise, business, and financial processes. With AI
application in security and risk management, organizations can soon detect
emerging external threats, such as new malware, with the help of robust
machine learning and AI-based algorithms. AI-based algorithms can also help
in discovering internal risks based on employees’ actions and behavior
patterns. The vision is to deploy a self-governance model for automatic risk

Copyright 2018 © Quadrant Knowledge Solutions Private Limited

For Citation, info@quadrant-solutions.com
 identification and its assessment, risk prioritization, and self-remediation based
on the advanced AI and machine learning capabilities.

Competition Landscape Analysis of the Global GRC Platforms Market

Rsam is Recognized as 2018 Technology Leader in the Global Market

Quadrant Knowledge Solutions conducted an in-depth analysis of the major GRC

Platform vendors by evaluating their product portfolio, market presence, and value
proposition. The evaluation is based on the primary research with expert interviews,
analysis of use cases, and Quadrant's internal analysis of the overall GRC Platforms
market. Quadrant’s competitive landscape analysis compares vendors’ technological
capabilities in providing GRC solutions in terms of technology excellence performance
and customer impact. Performance in technology excellence is measured by
parameters, including sophistication of technology, technology application diversity,
scalability, competitive differentiation, and industry impact. Customer impact includes
parameters, such as addressing unmet needs, product performance, proven records,
ease of deployment, and customer service excellence. According to research findings,
Rsam, with the comprehensive, integrated GRC platform, is positioned amongst the
2018 technology leaders in the global GRC platforms market.

Founded in 2003, Rsam is amongst the top three technology leaders of the Global GRC
platforms market. Rsam offers an integrated and configurable GRC platform with an
adaptive framework suitable for a wide range of GRC applications, industry-specific
solutions, and compliance requirements. The company offers a variety of modules to
support wide-range of use cases related to GRC and security operations management.

Copyright 2018 © Quadrant Knowledge Solutions Private Limited

For Citation, info@quadrant-solutions.com
 Figure: 2018 SPARK Matrix

(Strategic Performance Assessment and Ranking)

GRC Platforms Market

Rsam Capabilities in the Global GRC Platforms Market

Rsam has organized its different modules into three-go-to-market portfolios which
include GRC, Security Operations, and Vendor Risk Management (VRM) solutions.
Rsam is well-recognized amongst its customers for its easy to use technology
framework, fast implementations, and ability to support diverse use cases and industry-
specific applications.

 GRC Solutions: Rsam offers a full-suite of integrated GRC solutions with

modules including audit management, business continuity, continuous control
testing, enterprise risk management, exception management, financial controls
management, GDPR, incident management, NIST CSF, policy management,
risk and compliance management, and regulatory change management. The
company uses a relational architecture and connected data model to facilitate
dependencies and relationships within and between modules. The Rsam GRC

Copyright 2018 © Quadrant Knowledge Solutions Private Limited

For Citation, info@quadrant-solutions.com
 solution is well-known for its flexible and scalable architecture. It enables
customers to use out-of-the-box configurations for rapid implementations as
well as create their own custom solutions through its user-friendly and
intuitive drag-and-drop configurability. Rsam invests nearly 30% of its
revenue for R&D and offers a comprehensive GRC framework with
capabilities including a sophisticated data architecture, workflow automation,
advanced business rules, content management for a variety of compliance
initiatives, detailed reporting and analytics, and impressive technology
integration capabilities which include Rsam’s universal connector, native API,
and ability to integrate with other application APIs.

 Security Operations Analytics and Reporting (SOAR) Solution: Rsam SOAR

solution includes threat management, vulnerability management, and security
incident response modules. Rsam’s security incident response platform (SIRP)
simplifies threat monitoring and accelerates its resolution. It provides incident
detection and threat intelligence capabilities using API connectors and Email
Listener. With its dynamic workflow, users can replicate any existing incident
management processes and make changes as the process evolves. Event and
playbook rules enhance efficiency and provide guidance over remediation
process. Users can also correlate related incidents over an extended period in
the SIRP platform. Rsam’s Vulnerability Management module helps in
consolidating large volumes of risk data from multiple security tools to
simplify risk assessment and automating the remediation process and
workflows to ensure compliance to regulations and policies. The module, with
risk-based workflows, supports alerts to assigned tasks, email notifications, and
escalation based on defined criteria. It also enables users to develop and
prioritize remediation activities, record action plans, set target dates, and keep
track of progress with timely reports.

 Vendor Risk Management (VRM): Rsam’s VRM solutions include the Vendor
Risk Management module and third-party integrations for cybersecurity and
financial ratings. Rsam uses a relational data model to centrally record and
organize risk management data for a complete 360-degree vendor view. It
provides strategic insights for individual or relative vendor risks via library of
reports and dashboards. The solution enables users to manage and report
vendor onboarding, classification, compliance assessments, findings
remediation, vendor contracts, SLAs, and performance metrics. Rsam’s VRM
solution also provides third-party integration for security and cybersecurity
ratings to support criticality assessments and/or influence risk score
calculations. Rsam is gaining increasing traction amongst users for its VRM
solution for third-party vendor risk analysis and management. Rsam’s VRM

Copyright 2018 © Quadrant Knowledge Solutions Private Limited

For Citation, info@quadrant-solutions.com
 solution, with intuitive workflow, helps organizations in categorization,
assessment, monitoring, issue tracking, notification, remediation, and
reporting.

 Competitive Differentiation: The Rsam platform is designed for business users

and supports easy configuration of its data architecture, automation, business
rules, reporting, and integration with no custom coding requirements. Rsam
technology differentiation can be attributed to its sophisticated data model,
platform’s adaptability, and performance. Rsam’s data model is based on a
relational data structure. It integrates information about risk assessments,
assets, threats and vulnerabilities from disparate sources into an easy to use
object-oriented risk framework. This enables organizations to track all risk
management, controls, and remediation activities in a single centralized
framework. The Rsam platform is designed to be adaptable and can be
configured to address rapidly changing business requirements without coding.
The Rsam platform is suitable to handle large data volumes and process records
as per business requirements while maintaining high-performance levels.
Unlike traditional GRC solution, Rsam offers quick implementations and quick
time to value. Users can start with their baseline configuration focusing on the
most critical use-case and add additional modules later based on growing
business requirements.

The Last Word

GRC solutions are often associated with long implementation and extended time to
value. Traditionally, GRC initiatives by various organizations are fragmented and
addressed with domain-specific and point solutions for specific application by different
departments. Organizations are increasingly facing challenges due to growing
complexities of regulatory requirements and increasing concerns for data breaches,
financial risks, reputational risks, compliance violations. The siloed approach to risk
and compliance management is no longer effective in the present scenario. Users are
increasingly adopting an integrated GRC platform to protect corporate integrity,
improve compliance, enhance brand value, and improve business performance with a
well-designed GRC program.

Rsam, with its integrated and configurable GRC platform, is well recognized for its
flexible technology architecture, adaptability, quick implementation and time to value.
The company has been able to compete successfully in the large enterprise customer
segments and drive significant revenue growth in recent years. Driven by its
comprehensive GRC platform capability and strong customer value, Rsam is positioned
amongst the top three technology leaders in the global GRC platforms market.

Copyright 2018 © Quadrant Knowledge Solutions Private Limited

For Citation, info@quadrant-solutions.com