Audit and Assurance


Looking for GRC Tool Decision Table Template

  • 1.  Looking for GRC Tool Decision Table Template

    Posted 09 Jan, 2020 11:44
    Hi all,
    We have already created requirements/criteria for procurement of a GRC tool. I have already read ISACA's Criteria and Methodology for GRC Platform Selection article; in it, it shows an example of a decision tree for comparison of vendors. If any of you have put together similar templates to compare services and scores of various GRC vendors, could you please share your template with me? I am now in the stage of creating such a template to compare the offerings I received from about 40+ vendors and would like to possibly use anything you might have already completed in my development. Thanks.

    ------------------------------
    James (Jim) Horton
    Senior Manager IT Security Governance, Risk & Compliance
    ------------------------------


  • 2.  RE: Looking for GRC Tool Decision Table Template

    Posted 13 Jan, 2020 12:40
    Haven't had a lot of responses, so I wanted to share with the community the GRC Tool Selection Decision Table I created for our organization. The requirements are based on what we at ResMed require; yours would be specific to your organization. I stripped out the Vendor section, but basically you can create additional columns which will line up with your vendors so that each requirement can be considered based on the vendor's offerings. More than happy to share with my fellow colleagues as a template in hopes that it helps you in creating your own company's GRC selection tool. The second section of the tool is derived from an article created by ISACA titled 1001-criteria-and-methodology for GRC Platform Selection and offers great insights in helping your organization prepare for demonstrations of the tools provided by vendors. I am attaching both my tool and the ISACA article here for easy reference. Thank you both to @ANAND SINGH and @David Lilja Ph.D for authoring the 1001 criteria and methodology for GRC Platform Selection, as I have found it very helpful in shaping our requirements and preparing for demonstrations.

    ------------------------------
    James (Jim) Horton
    Senior Manager IT Security Governance, Risk & Compliance
    ------------------------------



  • 3.  RE: Looking for GRC Tool Decision Table Template

    Posted 14 Jan, 2020 03:31
    Hello there,
    Thank you for sharing, great job!
    Is there any chance to go deeper into the architecture requirements? I am not sure how to express the idea, which is, more or less, that the selected tool doesn't generate conflicts with the existing structure (OS, network, software versions, etc.).
    Looking forward to reading your ideas.
    Amedeo

    ------------------------------
    Amedeo Maturo Senra
    CISA, CIPP/E, Lawyer
    ------------------------------



  • 4.  RE: Looking for GRC Tool Decision Table Template

    Posted 14 Jan, 2020 10:12
    Hi, I cannot get into the details of our architecture as each organization would have their own. This is something to bring up with the GRC vendors you select for demos, and those types of questions and answers can be worked out during collaboration. R, Jim Horton

    ------------------------------
    James (Jim) Horton
    Senior Manager IT Security Governance, Risk & Compliance
    ------------------------------