Over 279,728 professionals have used IT Central Station research.
Compare the best GRC vendors based on product reviews, ratings, and comparisons.
All reviews and ratings are from real users, validated by our triple authentication process.
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score.
The score is calculated as follows: The product with the highest count in each area gets the highest available score.
(20 points for Reviews; 16 points for Views, Comparisons, and Followers.)
Every other product gets assigned points based on its total in proportion to the #1 product in
that area. For example, if a product has 80% of the number of reviews compared to the product
with the most reviews then the product's score for reviews would be 20% (weighting factor) *
80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our
rating scale of 1-10. If a product has fewer than ten reviews, the point contribution
for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews;
two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old,
as well as those written by resellers, are completely excluded from the ranking algorithm.
The most valuable features include: * Ability to access our documents from mobile devices, computers, or anywhere else from a remote location. * Ability to access our policies from mobile devices, computers, or anywhere else from a remote... more»
It has given us the ability to see the actual policies the way that they were intended to be written and utilized. We are an accredited agency, ambulance service, and so it gave us a lot of credibility with our policies with that... more»
* Recent product update led to confusion. * Need to adapt the product for less computer-literate and older users. * Ambulance staff often cannot afford time to learn or re-learn systems. * Try to minimize product updates. * Reduce the price.
The most valuable feature of the tool is its ability to provide line of sight from Buinsess Outcome (Service to be delivered) down to how the resources are configured and connected to make it happen. Understanding how the Business and... more»
It started improving visibility and provided us a better picture of technology dependencies. It has allowed us to better document what the business needs and more cleanly identify the technologies that are going to be needed to support the... more»
Stability is definitely a critical thing. Organizations can not afford to have to be rebooting production systems to add a user or to reset a users session. It needs to be more self-healing. The intuitiveness of the interface. The ability for... more»
Traceability across architecture domains - business architecture and data technology. All of them can connect the dots, and get an end-to-end view of the architecture landscape. That is one of the powerful strengths of the tool. The second... more»
Architecture modeling - since it's repository-based, it's a lot easier for people to query, create their diagrams, and check for modeling rules. That's another good feature that is available. It's easy for us to enforce standards. That's also... more»
The process side love the tool. It helps them to build their current operating model and also to get to the target operating model. That has been helpful and successful. We're still struggling with challenges on the application and technology... more»
We use the PolicyTech solution for our agency's policies and procedures. Their solution allows for a workflow process for development of policies, approval of policies, and review of policies. That's the key. Then, distribution of policies:... more»
It has improved the way my organization functions in a couple of different ways. One is when a process problem occurs. Sometimes, prior to the solution, the knee-jerk reaction would be to write a memorandum or write a policy and distribute it... more»
It's really been a good solution. Maybe the only thing with room for improvement is the reports. We pull reports on a weekly basis. Each department does a report; compliance measures and efficiency measures. We do pull reports out of... more»
The main module we use is ITPM. The ability to have standardized reports around obsolescence and lifecycle management is probably the most valuable. We are trying to move to a more standardized approach regarding how we do lifecycle... more»
We are not using the entire platform, although we are licensed for a couple modules. The main one that we are using is ITPM. The other thing that I think we find useful outside of the obsolescence report is also having a more organized view... more»
I think it has a lot to offer, but we have been focusing in on ITPM. I think we ourselves need to do a little bit more exploration of how we can benefit from some of the other modules. Something that might be helpful is to have a little bit... more»
Transparency in developing a global enterprise inventory of the firm's application and technology assets. The aspect of the tool that appeals to us at this time is the HOPEX IT portfolio management capability. What that portfolio management... more»
If you think about, it's about having transparency, a current, complete and accurate view of your entire application ecosystem. There are a number of benefits associated with that. Whether those benefits be for strategic planning, asset... more»
We've asked the vendor for a number of enhancements to mature the tool. One of those specifically, is a service based interface. Both for feeding data into the tool, and retrieving data from the tool, so that other vendor solutions can... more»
The main benefit of Mega is the fact that you can link data from multiple enterprise architecture practices so that, for instance, business architecture artifacts can link to system architecture artifacts, and so you can get a more complete... more»
Mega can be used to start conversations with the business. We can put a process map or capability map in front of a business user and start a conversation that way. Rather than starting from scratch and interviewing them about what they do... more»
It's very prescriptive right now as to a particular diagram, what objects you can put on that diagram, and sometimes if you're working with the business you might want to just sketch something out rather than have those limitations.. When you... more»
We use it for whistleblowing-type inquiries and reports. They're adaptable as to how we want it to have our processes to work, i.e., either the internet or telephone. Any issues that we have with NAVEX Global are addressed immediately.... more»
It's not the product so much that needs improvement, especially for somebody who doesn't spend a lot of time with it, because I have a lot of other job responsibilities. I'd like to be able to glean answers faster on my own. They're always... more»
The streamlined process of getting policies out to all staff in a quick efficient manner has been most valuable. The Mark as Read attestations have helped in numerous ways. We are also actively using the product to complete annual... more»
Currently we have monthly competencies that the 2 Staff Development Departments would initiate by a manual paper process and have to track staff down for all 3 shifts. Since we have started placing these items on Policytech, we have had a... more»
Employees sometimes need multiple avenues for expressing their concerns. Sometimes, they're just not comfortable allowing people to know who they are. I like the anonymous feature on behalf of the employees. They can still submit a concern,... more»
The one thing that I noticed was, it times out sometimes. Maybe that's a feature that they might have already fixed. When you're in HR, or doing what I do, sometimes you're in the middle of inputting data. There is a lot of work, and it... more»
My role is to facilitate policy management for the organization. We have two Policy Project Managers and our role is to enable consolidation, process and training for the policy management system. PolicyTech provides a good foundation for our... more»
We're using a lot of pieces of PolicyTech right now, but there are still things we haven't done yet. We're still learning and growing with it. Truthfully, the hardest part is that there are some little setup things that need to be done before... more»
We have used Rsam's out-of-the-box modules for: * Vendor Risk Management * Application Assessments * Vulnerability Management * Control Testing * Incident Response * Policy Management We have also built our own modules using their slick... more»
We have far more visibility into our compliance, risks and controls, etc. over the areas we are managing vs accepting risk. Rsam has also been extremely helpful with the annual audits we receive from our regulators. We used another tool... more»
The reporting functions are terrible. They're not very user friendly. There are also implementation support issues, as I’ve mentioned elsewhere. Those are a few things. The other thing is, and I'm not sure that there's a lot they can do about... more»
* The accountability of staff compliance with reading policies/procedures * The automated clearance process * Easy storage of policies and procedures * Using a template to standardize the content and formatting of our P/P * Search function * The ability to upload documents into files
Uploading PDF’s is more time consuming and you have to go in and out of multiple screens/functions. If I want to upload a completed contract, for example, into a category, I have to click on system setting, document setup, import documents, upload the document, wait for the email message to come in that it’s completed the task, then open the document to do the... more»
With OpenPages, the risks and controls are registered and monitored continuously. Furthermore, there is an audit trail function where we are able to see the changes to the items from the time we registered the item. Another useful feature is... more»
IBM OpenPages needs improvement in its UI. Currently, it is difficult to see the relationships and then only they are able to create an incident. After that the issue associated with the incident also needs to be updated. KIs, while useful,... more»
This solution gives an opportunity for anonymous hotline complaints. Before the solution, the complaints came directly to the internal audit, and we knew who made the calls. This way, they can be totally anonymous. Our volume of complaints... more»
I don't have too much to say about improvements. We have only had 22 cases so far. That is not a huge amount. We are still trying to get used to the solution and trying to navigate around. Most of the problems that we have are from our own... more»
Allowing the input of investigation cases, the ability to track information and to compile data. It allows us to prepare detailed reports for different levels of the organization in the form of Excel spreadsheets, graphics, percentages of... more»
In addition to the ongoing process of receiving reports from the organization when anonymous callers would make reports through the hotline, we easily complete an Intake Form with the information received from NAVEX, prepare a file, review... more»
There is an area on the “New Case” screen that I have reported a while back that when we click the drop down boxy to select state, then onto select the city, the state selection selected is deselected, it’s selected again and the city is... more»
CEO & President at a tech services company with 1-10 employees
May 27 2018
What do you think of MetricStream?
Primary Use Case
Where we are using it is for enterprise risk management and operations risk management.
• Improvements to My Organization
It allows us to have all the information in a single place and provide real-time indicators and information for our executives.
• Valuable Features
Usability Ease of configuration
• Room for Improvement
We would like to have more dashboards and reports, such as geographical and trend reports in the next version. Also, an improvement in the mobile version would be helpful.
• Use of Solution
One to three years.
• Stability Issues
It is very stable. Performance is very good.
• Scalability Issues
It scales very well. We are working very well with the solution.
• Customer Service and Technical Support
The valuable feature is just the policy management. I don't know that we do anything particularly innovative with the policy technology. We just use it to manage our policies and make sure that they're being attended to.
We get a huge amount of complaints from users about the email system. They get lots and lots of emails, and they don’t necessarily have a good way to manage them. Sometimes we have challenges with the way it needs to be set up so that certain... more»
So far, the GUI seems more visually appealing than the traditional Nasdaq-BWise application that I am used to. The dashboard on the homepage makes for an enhanced view at a glance of the various work functions applicable to the user. The tabs... more»
MEGA offers a more integrated GRC platform to facilitate enhanced coordination between the functions of Risk, Compliance, and Internal Audit on a single platform solution - HOPEX. The product for us is still in the testing/onboarding phase,... more»
Standardization is lacking. The Operational Risk Function will be more effective if it at a default level follows established Basel standards for Loss categorization, Risk Assessments, Risk Event categorization, etc.