Q&A with a GRC Software Vendor

April 24, 2008

Earlier this week, I asked Navistar IT Source Manager Steven Kelly how and why his company selected a GRC application from BWise.

Today, I'm going to post the responses BWise Chief Technology Officer Luc Brandts sent when I asked him to identify some of the most effective software selection practices he's witnessed from the vendor perspective. Brandts pointed to the following four tactics, or practices:

1. Organizations are looking for easy-to-use solutions when selecting a vendor to meet their compliance needs. A vendor should be capable of helping individuals throughout the organization quickly perform their risk and compliance tasks once, and then be able to use those results several times.

2. Ease of implementation, based on proven best practices, is important to many companies looking for a GRC solution. In order to quickly reduce costs and maximize control of their organizational operations, companies want their GRC solution to be implemented as quickly and efficiently as possible.

3. The implementation of a risk-based approach is essential in order to reduce unnecessary compliance costs as much as possible. A GRC best practice to help a company mature with its solution is to think big, but start small and scale up later.

4. Organizations need a process-driven approach to put business back in the center of the discussion, rather than focusing solely on compliance. This approach helps companies to become more streamlined, more customer-oriented, have lower compliance costs, and be more agile.
