Vendor: Acuity Risk Management
Product: STREAM Integrated Risk Manager
Price: Starts at $1,979 for the Personal Edition, $3,292 for the Server Edition
- Highly customizable and in-depth configurable GRC Tool.
- Although Acuity does have a help desk and website support option, we would like to see support hours at 7x24 instead of 8x5. Especially with the higher priority support level.
- From a single consultant usage to a large enterprise, STREAM is extremely scalable while offering top of the line reporting.
SC Labs Reviews
Reviews from our expert team
Tested by: Matthew Hreben & Katelyn Dunn
Risk management tends to be time-consuming and requires a lot of manual oversight. It is difficult to maintain visibility on risk and challenging to demonstrate progress for budget purposes. Even producing reports is a laborious task. Acuity Risk Management has, therefore, developed STREAM Integrated Risk Manager, available as SaaS or on-premises installation, to solve these issues. The solution helps manage risk while addressing multiple, overlapping regulations, framework, policies and contracts. And it allows users to easily demonstrate their risk-based approach to stakeholders.
The majority of Acuity’s user base uses STREAM for privacy, risk management and compliance across various frameworks because it allows for better handling of scope and complexity. Organizations typically maintain a variety of assets – some locally, others shared – and STREAM helps to visualize and manage the steps and risks of all assets with an integrated database that offers multiple views to the user.
STREAM investigations begin with a regional-level view, providing users with a broad view of risks. With simple navigation, users can delve further down to a sub-regional locale, which connects to the register of security risks. Here, users can compare correlated risks and their current acceptance states and drill into each specific risk’s location to see the metrics and controls relevant for mitigation.
Users have access to all necessary information to make informed best-practice decisions, contained in a single page. Within each risk is a description, the data in use, the impact that risk will have on business indicators and which business indicators are accepted. STREAM’s complete user flexibility is seen again in the allowance of changing how much detail is visible by specific personnel.
The STREAM Integrated Risk Manager has a colorful dashboard with a plethora of configurable options, allowing the customization of different roles for users to have their own unique dashboards, ensuring everyone has adequate elevation. Various widgets within the dashboard generate summaries of the state of security across a variety of areas. This information is personalized to the currently logged-in user based on what they have permission to see, including a general-purpose dashboard for the CISO/security manager.
When parsing through controls, users can filter by various control frameworks or view all those across the corporation at once. To make this extensive data easier to peruse, STREAM offers a variety of filter options. Users can filter their search by those controls overdue for an assessment, or they can sort the list with the weakest controls at the top.
Residual risk assessments can be employed in the process of mitigating risk with visibility of the actions related, status, priority, due dates and a complete history of previously conducted assessments. When a user changes a control implementation, it will change the residual risk and trigger an automatic reassessment.
Incident reports show users any near misses, audit findings and vulnerabilities. This report can be qualitative or quantitative, another marker of STREAM’s top-to-bottom customizability. SQL’s server database is the driving force behind these reports and assessments with well-defined schema. The data is put through and then AI makes sense of them.
While it is used mainly by larger enterprises, STREAM was designed to be a flexible model. Therefore, it also supports medium-sized enterprises with less than 100 users. Such users can benefit from the value-priced small business edition, which limits only reporting options, or a single user edition. The latter is available as a free trial that installs on a single device and is indispensable for consultants who specialize in GRC subject areas.