The GRC Index is an objective
measure to learn about Risk Technology
Global Compliance Associates, LLC is the corporate owner of GRC Index, the creation of more than 20 years of experience as a senior risk officer and adviser to large financial services firms. Global Compliance Associates and TheGRCBlueBook were established to provide unbiased research and insights into leading risk management practice using technology. Our reputation as an objective source of practical risk methodology and insights into how humans leverage technology to manage risk is paramount to successful outcomes.
TheGRCBlueBook does not attempt to be all things to all people. Our goal is a simple one:
“Provide objective insight and understanding into the functionality of risk technology platforms.”
This guiding principle requires that the GRC Index not rank firms in its index or pick winners or losers. Our belief is that rankings of GRC and RegTech solution providers assume that all buyers are homogenous in approach and risk profile. The truth is that very simple solutions work equally as well as more sophisticated platforms if the risks and needs of a firm are complementary. The challenge is wading through all of the marketing hype and language that promises far more than the actual capability of GRC risk solutions.
The GRC Index uses publicly available information and 20 years of experience evaluating GRC and RegTech solution providers. Research methods include a variety approaches inclusive of hands-on experience, surveys, feedback from GRC and RegTech solution providers as well as user-data. Our researchers have the experience to cut through the marketing hype to identify the key functional attributes important to risk professionals. The GRC Index employs risk professionals with decades of experience managing risks and using risk technology to achieve sustainable outcomes.
The GRC Index is created by assigning objective criteria applied consistently across solution providers to allow buyers to make an objective decision about the functional capability of each solution provider. The results of this approach accomplish two key goals:
1. Allows for comparisons and distinctions to be more easily made;
2. Ensures functional risk outcomes are consistently defined by levels of analytical sophistication.
The Index combines these objective criteria with insights into how leading risk practice efficiently operationalizes a solution provider to accomplish specific risk outcomes. The matrices used to create models of solution providers is based on a multidisciplinary approach to risk management. Solution providers are given an opportunity to clarify the measures used in the matrices but are not allowed to determine the final evaluation of the functional capability.
Solution providers will be notified 30 days prior to the publication of new and revised GRC Index publications to clarify the criterion to ensure fairness and objectivity. Solution providers who choose not to participate will be given a disclaimer that the solution provider chose not to update the Index and the results are solely the product of publicly available information and the proprietary analysis of independent risk researchers.
The GRC Index is not intended to be the sole source for making a final decision to choose or not choose a GRC or RegTech solutions provider. The GRC Index may be used to better understand the marketplace of risk technology solutions and to perform due diligence prior to making an informed decision about which vendor is a better fit to address specific risks in each firm.
Conflicts of Interest Disclosures
Conflicts of interest are defined as arrangements where payments are made by solution providers for the use of the GRC Index and brand images in marketing material to promote a vendor’s products or services. Permissions to provide such arrangements are made with an agreement that does not violate the objectivity of the GRC Index nor change the outcomes to benefit one vendor over another. The marketing fees that result from such arrangements are considered payments for use of the GRC Index copyright, brand and images in a vendor’s marketing material, website or marketing collateral.
The GRC Index may be engaged by a technology provider, private equity, and public and private organizations to assist with refining strategic analysis of risk technology, assess and interpret either a market segment or services provided by that company to a specific customer or group of customers. These studies are completed using proprietary assessment tools, methodologies or data-gathering techniques, and include interpretation of the results. These studies are conducted by the Global Compliance Associates’ Risk Advisory Unit.
Global Compliance Associates neither uses nor incorporates the results of individual client-commissioned studies for publication in our subscription research services.
Clients are not allowed to share client-commissioned consulting study results outside of their own organizations. However, studies performed for a government client that is subject to the Freedom of Information Act (FOIA) may be released as required, with restrictions as specified by the FOIA.
All inquiries may be sent to firstname.lastname@example.org by fax at 401-205-1855 or phone at 774-991-9142. All correspondence will be answered within 48 hours.
The GRC Index is designed by risk professionals for risk professionals in audit, risk, compliance and IT security.
We don't use paid endorsements, GRC Pundits, or misleading rankings to define "leaders" in GRC solutions. The only metric that matters is how does the risk platform help me manage risks. Period!
The GRC Index is based on a methodology that evaluates functional capability, data automation, and ease of administration. We explain HOW each individual risk module in a GRC platform works so buyers can make informed decisions when comparing which risk platform aligns with their current or future risk program. The result is an easy to read Functional Capability Matrix.
Risk technology is not defined by acronyms! Terms like GRC, IRM, RegTech, FinTech, InsureTech have become a confusing alphabet soup. The GRC Index uses plain English, unbiased metrics and transparency into the capability of each solution module within a risk platform.
The GRC Index is the only science-based measure of GRC risk tools. We have no conflict of interests or "pay to play" schemes to promote one product over another.
The GRC Index does not pick winners or losers! Our mission is to educate buyers of risk technology to make informed decisions. GRCIndex Intro!
Our team of risk analysts have hands-on experience developing real-world solutions to risk challenges. The GRC Index is the product of that experience.
Contribute to risk research and insights into advancements in risk management practice.
Follow trends in Enterprise Risk Management, Cybersecurity, GRC applications, Machine Learning and much much more!
Have you had enough of the hype surrounding GRC solutions? Confused about what these products do and how they work? The GRC Index is the only objectives based methodology to learn how these tools help you manage risks.
The Letter from the Editor section highlights topics relevant to risk pros across disciplines. We want to discuss topics top of mind and provide insights that help you navigate the noise in risk management solutions providers. The topics will tackle a broad range of subjects on risk.
Have questions about the GRC Index or just want to learn more and speak with a representative? Contact, message or call us someone will get back to you right away!
The consultants at Global Compliance Associates
combine world class risk
governance with sustainable technology
solutions to enhance assurance.
Proprietary consulting on GRC risk solutions, cybersecurity and regulatory compliance is available upon request.
Customized market analysis develops targeted insights into trends in risk management and advances in technology solutions.
Copyright © 2020 GRC Index - All Rights Reserved.
Powered by TheGRCBlueBook