Rsam v 7.2
Strengths: Purpose-built for GRC, smooth integration and mapping/translate features to group data, strong tool for alerting and automation.
Weaknesses: A comprehensive solution that takes some time to deploy and get to a fully functional point.
Verdict: Has all the features wanted to manage risk at all levels of the organization. It receives our Recommended designation.
SummaryRsam Framework and Rsam Risk & Compliance Management Module is designed to effectively identify, assess, manage and mitigate risks, while providing enterprise-wide visibility, oversight and assurance. Rsam supports deployment in the areas of assessment, audit, compliance, enterprise risk, incident management, issues and remediation tracking, policy management, threat and vulnerability management and vendor
The product is offered as both a cloud-based solution and client-side software. For the software option, both a database and web server are required.
The Rsam GRC (governance, risk and compliance) platform combines business criticality, regulatory assessment data and vulnerabilities into a centralized framework to track all risks, controls and remediation activities. This allows administrators to integrate survey-based risk assessments with automated and manual findings-based risk management data to define and implement a successful GRC program.
Some of the standout features included the ability to integrate with a user directory for authenticating and pulling in role data. The dashboard had a business intelligence look and feel. The tool is attractively laid out, and it is simple to group and adjust objects on the fly. The product is workflow driven and has a built-in ticketing system for managing incidents and data collection. We also liked that all data and graphics can be easily outputted for use in other applications. There are numerous templates for reporting, with the ability to create or customize as needed. Another useful feature provides the ability to create any report against any data in the database through a simple interface. The product took that and automatically created the SQL code needed to pull and format that data in Visual Studio.