Shortcomings of RSA Archer
Market Understanding and Strategy – For EGRC, EMC-RSA needs to place more emphasis on the relationship of risk management to strategic objectives and business performance.
Innovation – Archer had a history of not meeting its release dates. Ongoing investment by EMC-RSA is expected to improve its ability to meet release dates.
Product – Although Archer is a strong competitor in the IT GRCM market in which automated controls data collection is a requirement, customer references stated that they would like to see improvements in data collection from automated controls.
Pricing – Although the annual license, enterprise pricing model is transparent, customer references noted a lack of flexibility in pricing for variable use versus competitors’ use.
Customer Experience – Reference customers complain about a decline in responsiveness and communication since the acquisition by EMC-RSA.
Where FixNix Pitches In
We have been a SaaS-based GRC company, democratizing pricing across different verticals, although we also offer an on-premises option, and we have a strong focus on the integration of ERM with business performance. We prefer to take advantage of growing interest in EGRC platforms by small and midsize companies.
RSA Archer vs FixNix GRC
We support a risk-based approach, with a strong linkage to performance management. The linkage of risk management to performance management is a key differentiator. We also provide risk, compliance and policy libraries. It has been noted that the functionality for ERM and third-party risk management exceeded expectations. The SaaS delivery model is attractive to many companies seeking to minimize upfront costs, especially small and midsize businesses!
Our GRC solution is very simple to understand: we have a per-user SaaS pricing model and also an on-premises perpetual license model.
Most customers were satisfied with applying the product to several different GRC activities, with some stating that it automates expectations.
Defining the Relationship of Governance, Risk Management and Compliance
“Governance,” “risk management” and “compliance” are general terms that can apply to a wide range of products, IT initiatives and business requirements. These three terms have many valid definitions throughout the industry. These definitions illustrate the relationship of the three terms.
Governance: The process by which policies are set and decision making is executed.
Risk Management: The process for ensuring that important business processes and behaviors remain within the tolerances associated with those policies and decisions, going beyond which creates an unacceptable level of uncertainty. Risks are addressed with a balance of mitigation through the application of controls, transfer through insurance, and avoidance or acceptance through governance mechanisms.
Compliance: The process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or external laws, regulations, standards and agreements.
What resources will you rely on to choose a Governance, Risk & Compliance application?
Respondents were asked to choose all that apply, allowing more than one choice.
- 57.9% of all responses rely on Senior Management (CFO, CCO, and Chief Auditor) to choose a GRC system
- 42.1% of all responses depend on their own personal research
- 32.9% of all responses rely on a Cross-Enterprise internal committee
- 31.6% of all responses rely on a Request for Proposal
- 31.6% of all responses rely on an External Consultant
- 23.7% of all responses will build their own system
- 23.7% of all responses rely on Business Associate referral
- 17.1% of all responses rely on Gartner’s Magic Quadrant