We are 8 months in to our GRC process reset and we have selected the vendor participants for many of the use cases. For a complete discussion of our reset process, read this post.
Brief context: GRC is one of the most flexible terms in the vendor lexicon, because most of them use it to describe whatever they are selling. Also, many of these products are shells that can be programmed to do whatever you need them to do, so we are putting the emphasis on production usage.
Process update: We have completed the reference process receiving 350 completed surveys out of almost 600 provided. Our 60% response rate is a little disappointing but July/August can be a challenging time of year in many countries due to vacations. However, we have more than sufficient response to do our analysis.
We have done final vendor selection for MQ analysis based on revenue and market presence targets for most of our deliverables. This selection does not guarantee publication in the final deliverable pending our analysis.
One of our team has been out on maternity leave and another chose to leave Gartner so it’s been an exciting summer for our process. As a result 2 deliverables are on delay until Q115.
Updates by top 6 use cases
ITRM – Magic Quadrant for IT risk management
Estimated Publication: November, 2014
Vendors in final MQ analysis:
Allgress
RSA Archer
IBM
ProcessGene
Brinqa
Agiliance
ControlCase
Lockpath
MetricStream
Modulo
Nasdaq Bwise
RSAM
ORM – Magic Quadrant for Operational risk management
Estimated Publication: November, 2014
Vendors in final MQ analysis:
IBM (OpenPages)
Wynyard Group
MetricStream
Nasdaq BWise
EMC-RSA Archer
Modulo
SAP
Mega
Enablon
Protiviti
SAS
Thomson-Reuters (Accelus)
BPSResolver/ResolverGRC
Rivo Software
Covalent Software
VRM – Magic Quadrant for Vendor risk management
Estimated Publication: October, 2014
Vendors in final MQ analysis:
Agiliance
Allgress
Brinqa
EMC-RSA Archer
LockPath
MetricStream
Modulo
Quantivate
RSAM
Prevalent
BCMP – Magic Quadradnt for Business Continuity Management and Planning
Published August 7, 2014
GRC Vendors in final MQ analysis (out of 18 total vendors in the MQ)
RSA Archer
MetricStream
Modulo
Quantivate
Lockpath
AM – Market Guide for Audit management
Estimated Publication: Q115
Our colleague Khushbu Pratap is returning from maternity leave this week and will be in touch with vendors who are being considered for the market guide.
CCO – Market Guide for Corporate Compliance & Oversight
Estimated Publication: Q115
Our colleague French Caldwell has retired from Gartner. We are currently seeking a replacement to complete the work on this market guide.
* Please keep in mind that these selections should not be considered endorsements by Gartner. Our rigorous MQ methodology will produce insights to help our clients select the most appropriate technologies for their requirements.
In other GRC process news:
The early returns on the reference surveys are looking very promising. We will be able to identify the most common competitors for the various use cases, the most common reasons vendors are selected, and the most common reasons they are NOT selected. We will also know customer satisfaction by major functional category.
We plan to publish several other documents with the insights gained from this process.
On a personal note, I am in London this week delivering our risk and security keynote and an update presentation on our GRC process. London is a bit of a homecoming because we kicked off this effort 1 year ago here with a presentation called “Killing GRC”. Last week we were in Sydney, and next week we are in Dubai delivering our first risk and security conference in the Middle East.
Follow me on Twitter (@peproctor)