Modulo Risk Manager v8.4
Strengths: Reporting and visualisation, new ERM is strong.
Weaknesses: None noted.
Verdict: A powerful tool that can deploy with little effort for out-of-the-box functionality, or users can put in the work to customise. We make this one our Best Buy.
Modulo Risk Manager automates GRC processes, integrating different areas and activities and allowing for centralised reporting. It automates processes for analysing, evaluating, treating and maintaining control over business enterprise risks. This software platform also ensures that incidents and any deviations from standards and policies can be recorded and responded to in a timely fashion.
There are several modules that make up the GRC suite. Risk management provides quantitative and qualitative information on identified risks, and prioritises actions and supports the decision-making process while tracking improvements as risks are addressed. Risk Manager also helps organisations assess and achieve compliance with regulatory standards. Compliance management uses Modulo's MetaFramework and compliance knowledge bases. Users can easily map controls across many regulations, including support for SOX, PCI, HIPAA, ISO 27001/27002, COBIT, GLBA, FISMA, NERC, NIST 800-53, A 130, BASEL II, BS27999, FISAP and DOD 8500.2.
Users can also import internal policies and standards. The Policy Management module enables organisations to administer policy management efforts while assessing compliance with stated policies and controls. All of these are brought together through the Workflow Management Module. This module is used to automatically move tasks through the Risk module. It can also determine the steps that risk remediation, notifications and exceptions must move through. An impressive visualisation tool called a treemap can be used to show the relationship and status of incidents. Incident Management is also supported through this workflow tool, so users can track the origination of an incident through the automation of workflow steps in remediation to the resolution of an incident. The content libraries are strong and contain knowledge bases, controls, regulations and standards, surveys and frameworks. Version 8.4 includes 400-plus knowledge bases (27,000-plus controls) and 180 frameworks.
New to this version is a GRC Intelligence module, a portal for integrating real-time information from any data source - including IT security, physical security and incident management tools, vendor surveys, and social and mobile analytics. A fully integrated enterprise risk management (ERM) offering delivers broader reporting and visibility, including new key risk indicators. There is a new vendor risk manager capability that integrates the shared assessments out of the box and scales up to hundreds of thousands of third parties. There also is a new vulnerability risk management module.
The tool integrates vulnerability and threat management, leveraging findings from popular vulnerability scanners to aggregate and correlate the output against the assets. This module can also help to provide valuable information to prioritise remediation activities. There are several new connectors in this version as well, extending its integration capabilities. The Policy Module has been updated to deliver a more user-friendly policy builder tool. There is also the ability to integrate the risk module with any source of information. Even if connectors do not exist, users can extend the capabilities as far as desired. Reporting and visualisation have been updated and are still very strong.
First-year support is included in the license fee. There are several support options available to meet one's needs. Standard support is eight-hours-a-day/five-days-a-week and premium is available to extend the hours through several options up to 24/7. Prices are US-based, thus indicative only.