Vendor: SAI Global
Website: www.saiglobal.com
Product: SAI360 Digital Risk
Price: Starts at $24,000 per year

Recommended

Quick Read

Strengths:
For the organizations handling any type of compliance, SAI360 can populate automatic gap assessments which is extremely useful even for increasing your security posture.
Weakness:
None that we observed.
Verdict:
This continues to be one of the strongest contenders in the GRC space. We make this product our Recommended title for this month.

Rating Breakdown

SC Labs Reviews

Reviews from our expert team

Features:
Rating: %s
Documentation:
Rating: %s
Value for Money:
Rating: %s
Performance:
Rating: %s
Support:
Rating: %s
Ease of Use:
Rating: %s
Rating: 5.00/5 5.00/5

Summary

Tested by: Matthew Hreben & Katelyn Dunn

SAI Global recognizes that current, mostly manual, methods of practicing security cannot keep up with the rate of how the business environment is transforming. More significantly, they see risk and compliance as a potential compass for organizations on their transformational quest to find the right modern toolsets. Their offering in this space is SAI360 Digital Risk, with its focus on identifying and managing vendor risk, compliance risk, digital risk, ethics and compliance, EHS risk, operational risk and business continuity.

SAI360 is designed around the concept of creating relationships and associations for seamless integration within the platform and across the data. Automating these various features and capabilities with integrated content from a network gives users advanced capabilities when it comes to assessing and managing their compliance and security posture. The solution permits users to utilize their out-of-the-box configurations – either as is, or as a starting point for modifications. Notably, userSAI360 also offers role-based customizations, so security officers can ensure analysts have appropriate levels of elevation and access to the data.

The dashboard has a clean layout, offering users an intuitive high-level overview of controls, their status and a count of controls per responsibility. From the overview, users can drill down into a more detailed, integrated subview and see associated causes and risks. SAI360 is not limited by a specific framework and can integrate with any standard. Over 600 frameworks come “in-the-box” as part of SAI360’s content library that users can copy and use as is or modify. Users also have the flexibility to upload their own in the form of a knowledge base.

Windows Power BI is fully embedded within SAI360 and is the driving force behind the analytics that provides the solution’s live reporting. These reports essentially build themselves based on a desired data set. For example, it is possible to identify the top five risks organized by control, which are then visualized in a graph. The more information captured from the system, the more analytics that can be performed on top of that data; users are encouraged to use as many integrations as possible to increase the relevancy of reports. With PowerBI, users can forecast into the future. This information is populated based on the information that is already in the system and returns an estimate for where the range of losses may occur and when.

SAI360 also features NIST self-assessment that users send out for completion, from which an automatic GAP assessment report can be populated. The report has a clean graph and calls out the top risks that were identified, from which analysts can delve down into specific controls. With the NIST 800-53 evaluation example that we reviewed, it is possible to drill down into specific controls and events on a very granular level for easy remediation. We are also intrigued by the potential of SAI360’s forthcoming RiskBot, a natural language tool. Users will simply ask the bot questions and it will show a risk scorecard for vendors. Users can also take a deep dive into the results of a risk assessment. The same scorecard layout as it pertains to that overall assessment will display, but then there is an added ability to send the full assessment to a POC email that has been specified. This feature is currently internal-release only for QA and, at the time of this writing, is still on track to be released to the public in October 2018.