Aruvio GRC v2.2
June 03, 2013
£2,000 per year per power user (yearly subscription price)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy to deploy
- Weaknesses: Built on Salesforce.com, the platform will be highly dependent on changes. Per-user licence model can be costly to scale to larger organisations
- Verdict: Brings GRC capabilities to the mid-sized organisation in a model that is easy to use and deploy. Pricing is still within the range of enterprise products if access for several users is needed
Aruvio GRC is a complete set of governance, risk and compliance (GRC) applications, including controls, compliance, vendor risk, enterprise risk, incident management and policy and training. These are geared toward mid-sized organisations, as they are designed to be simple to deploy and priced to be attractive for smaller user counts.
It is available as a cloud-based SaaS offering only and is built on top of Salesforce.com technology. As a fully hosted offering, the system is typically deployed in under one week. A web browser can be used to access this product, making it accessible via any device running a web browser, including mobile devices.
Aruvio is an audit-driven solution with modules available to test compliance, preliminary risk and risk assessment, and it includes a tool to quickly develop audits and workflows. Being web-based, it uses email notification to users as a workflow engine for all audit and alerting functions. Role-based authentication controls display who has access to what features. Aruvio integrates regulatory compliance documents and consolidates inputs. Users can upload company-specific policy and standard documents, or use the pre-loaded common control framework that comes from integration with the Unified Compliance Framework (UCF). The seamless integration between frameworks and internal standards helps avoid redundant control testing with 'test once, report many'.
Assets and vulnerabilities can be imported from various configuration management databases and vulnerability scanners using an easy-to-use data loader interface. Once loaded, users can perform risk assessment of identified vulnerabilities and threats by assets. There is an asset creation wizard but from what we saw, asset creation looked to be manual, which can be a pro and a con. It is easy to roll up assets to systems, but there will be some setup time to fully create and organise necessary assets.
A policy module is included with the product. One creates policies outside of the tool and uploads them as PDF files. Further, there is a useful feature that allows one to create training on the policy and track adherence to it, as well as a read-and-accept audit-tracking feature. Users can deploy the data from the policy tool to map policies to controls and then measure and report on compliance under one's risk assessment.
A vendor risk module allows administrators to set up white-labelled and branded portals to deliver and track vendor assessments for inclusion in the risk reporting. It appeared to be more of a manual process to get all the data in, but there are data imports that are easy to use. Once information is uploaded, the wizards do make it quick and easy to use and manage that information.
Reporting and dashboard capabilities are well done. Users have numerous reports and views out of the box and one can customise any of these as desired. The dashboards are easy to use and it is simple and quick to get to the detailed data. One can look at a risk profile as a whole or quickly click through to a view of risk by any regulatory type, for example to see a risk profile for just PCI DSS.
Support is included in the yearly subscription fee and includes 24/7 phone and email access, but there is not a web-based support option.