The GRC Index is an objective measure to learn about Risk Technology
Human-machine interaction presents the greatest opportunities, and the biggest threats, to the performance of risk programs. Understanding risk includes an awareness of the internal and external technology workflows, including gaps in visibility into the operation of risk programs. Want to learn more?
To solve the Cybersecurity Paradox through private-public partnerships in research.
Are you familiar with the cybersecurity paradox? In the face of billions spent on cybersecurity, compliance, and staff, the threat of cyber risk is growing faster than ever. I witnessed this problem firsthand at Fidelity Investments as the Chief Risk Officer for 20 years overseeing $3 trillion in assets under administration, and decided to leave in 2009 to conduct research on the root cause of cyber theft and data breach.
After 10 years of research, I founded the Cognitive Risk Institute and wrote a $3 million proposal, as principal investigator, to the National Science Foundation, and was joined by the heads of cyber research at Harvard, MIT, and UCLA. What that experience taught me is that a more sustainable model of public-private partnerships is needed to conduct research that is self-funded with academics and real-world conditions, not the classroom or lab.
What I am proposing is to raise $1 million that is partially self-funded between cybersecurity vendors, real companies seeking solutions and world-class academics. I am seeking additional funding for students from HBCUs and high schools to participate in these research projects in a STEM program with Ivy League Schools and expand nationally. I am asking for $50,000 - $100,000 per school that will go to the high schools and universities to pay for stipends for researchers to study cybersecurity in real companies for one year and publish their research in peer-reviewed journals.
I have a corporate sponsor in the Information Security industry, the largest cybersecurity media company in the US, and have a current proposal out to Ivy League Schools to join. The goal is to develop a self-perpetuating program to develop the next generation of talent in cybersecurity and to solve the cybersecurity paradox.
Our team of risk analysts has hands-on experience developing real-world solutions to risk challenges. The GRC Index is the product of that experience.
Global Compliance Associates, LLC is the corporate owner of GRC Index, the creation of more than 20 years of experience as a senior risk officer and adviser to large financial services firms. Global Compliance Associates and TheGRCBlueBook were established to provide unbiased research and insights into leading risk management practice using technology. Our reputation as an objective source of practical risk methodology and insights into how humans leverage technology to manage risk is paramount to successful outcomes.
TheGRCBlueBook does not attempt to be all things to all people. Our goal is a simple one:
“Provide objective insight and understanding into the functionality of risk technology platforms.”
This guiding principle requires that the GRC Index not rank firms in its index or pick winners or losers. Our belief is that ranking GRC and RegTech solution providers assumes that all buyers are homogeneous in approach and risk profile. The truth is that very simple solutions work as well as more sophisticated platforms if the risk profile and needs of a firm are aligned. The challenge is wading through all of the marketing hype and language, which promises far more than the actual capability of the GRC risk solutions.
The GRC Index uses publicly available information and 20 years of experience evaluating GRC and RegTech solution providers. Research methods include a variety of approaches, including hands-on experience, surveys, and feedback from GRC and RegTech solution providers, as well as user data. Our researchers have the experience to cut through the marketing hype to identify the key functional attributes important to risk professionals. The GRC Index employs risk professionals with decades of experience managing risks and using risk technology to achieve sustainable outcomes.
The GRC Index is created by assigning objective criteria applied consistently across solution providers to allow buyers to make an objective decision about the functional capability of each solution provider. The results of this approach accomplish two key goals:
1. Allows for comparisons and distinctions to be more easily made;
2. Ensures functional risk outcomes are consistently defined by levels of analytical sophistication.
The Index combines these objective criteria with insights into how leading risk practice efficiently operationalizes a solution provider to accomplish specific risk outcomes. The matrices used to create models of solution providers are based on a multidisciplinary approach to risk management. Solution providers are given an opportunity to clarify the measures used in the matrices but are not allowed to determine the final evaluation of the functional capability.
Solution providers will be notified 30 days prior to the publication of new and revised GRC Index publications to clarify the criteria to ensure fairness and objectivity. Solution providers who choose not to participate will be given a disclaimer that the solution provider chose not to update the Index and the results are solely the product of publicly available information and the proprietary analysis of independent risk researchers.
The GRC Index is not intended to be the sole source for making a final decision to choose or not choose a GRC or RegTech solutions provider. The GRC Index may be used to better understand the marketplace of risk technology solutions and to perform due diligence prior to making an informed decision about which vendor is a better fit to address specific risks in each firm.
Conflicts of Interest Disclosures
Conflicts of interest are defined as arrangements where payments are made by solution providers for the use of the GRC Index and brand images in marketing material to promote a vendor’s products or services. Permissions to provide such arrangements are made with an agreement that does not violate the objectivity of the GRC Index nor change the outcomes to benefit one vendor over another. The marketing fees that result from such arrangements are considered payments for use of the GRC Index copyright, brand and images in a vendor’s marketing material, website or marketing collateral.
The GRC Index may be engaged by a technology provider, private equity, and public and private organizations to assist with refining strategic analysis of risk technology, assess and interpret either a market segment or services provided by that company to a specific customer or group of customers. These studies are completed using proprietary assessment tools, methodologies or data-gathering techniques, and include interpretation of the results. These studies are conducted by the Global Compliance Associates’ Risk Advisory Unit.
Global Compliance Associates neither uses nor incorporates the results of individual client-commissioned studies for publication in our subscription research services.
Clients are not allowed to share client-commissioned consulting study results outside of their own organizations. However, studies performed for a government client that is subject to the Freedom of Information Act (FOIA) may be released as required, with restrictions as specified by the FOIA.
All inquiries may be sent to email@example.com, by fax at 401-205-1855, or by phone at 774-991-9142. All correspondence will be answered within 48 hours.
Contribute to risk research and insights into advancements in risk management practice.
Follow trends in Enterprise Risk Management, Cybersecurity, GRC applications, Machine Learning and much, much more!
Have you had enough of the hype surrounding GRC solutions? Confused about what these products do and how they work? Pick up your FREE GRC Functional Capability Matrix.
The Letter from the Editor section highlights topics relevant to risk pros across disciplines. We want to discuss topics top of mind and provide insights that help you navigate the noise in risk management solutions providers. The topics will tackle a broad range of subjects on risk.
Have questions about the GRC Index or just want to learn more and speak with a representative? Contact, message or call us and someone will get back to you right away!
The consultants at Global Compliance Associates combine world-class risk governance with sustainable technology solutions to enhance assurance.
Proprietary consulting on GRC risk solutions, cybersecurity and regulatory compliance is available upon request.
Customized market analysis develops targeted insights into trends in risk management and advances in technology solutions.
Copyright © 2020 GRC Index - All Rights Reserved.
Powered by TheGRCBlueBook