Rsam GRC Platform v 8.2
Strengths: Updated reporting is well done, search, drill-down tools, indicators, KPIs.
Weaknesses: None noted.
Verdict: Complete tool, ease of use is great, handles large data well.
Summary: Rsam GRC v8.2 is a platform for risk management and security risk intelligence enabling organisations to perform risk assessments, manage compliance, threats and vulnerabilities, policies, remediation activities, issues, incidents and more. The offering comes complete as a full GRC suite. Rsam has also broken out two modules that can be purchased as standalone: the security risk intelligence and vendor risk management modules. The remaining modules that are part of the suite include risk, compliance, remediation, threats and vulnerabilities, audit, incident management and policy.
Rsam operates on an object-based model, structuring all data gathering, processing and reporting around the core concept of an object. In the most general sense, an object is a target for data collection/analysis. By using object definitions, Rsam can be adapted to many environments and accommodate the specific needs of each customer across diverse industries and operational models. It comes complete with a lot of content including 10,000-plus controls for popular regulations and standards. Users can also import their own data. Rsam's Universal Connector is data-source agnostic and allows customers to integrate data from other existing tools without waiting for Rsam to establish a formal relationship with that third party.
There are a number of new features in this release. The user interface (UI) has been updated with new navigation and charting capabilities, along with support for a wide range of browsers. A new metrics generator is included with an easy-to-use GUI for creating metrics and reporting on them. Navigation has been greatly improved through a new search widget. On top of the metrics changes, there are also enhanced KPI/KRI tools available to record, manage and report, along with tools to demonstrate the value of security and security-related costs to the business. Dashboarding and reporting have both been updated. An easy-to-use drag-and-drop tool is available to create dashboards. The visualisation capabilities are better. Reporting has added BI-like capabilities through integration with SSRS. The tool does all the work so that users don't have to know SQL queries. There is also support for offline decisioning by engaging key stakeholders without needing to have them use the tool itself. The policy management module has also been updated and includes tools to quickly identify policies that need updating based on real-time changes in regulatory or compliance requirements.
One nice feature is the ability to include any user in assessments/surveys without the need to define that user in the tool. This seems small, but it is a real time-saver. The import interface is well done, making mapping of data a simplified process. The import engine dynamically pulls, aggregates and normalises data from multiple sources, including VM, patch, configuration management and inventory tools. The vulnerability management module (SRI) is flexible, easy to navigate and provides great tools to combine data, slice and dice it and create views on the fly.
Rsam is offered both as a cloud-based SaaS offering and as customer on-premise software, as well as in a hybrid model for vendor risk and SRI deployments. Rsam runs on Windows Server with a SQL database backend.
Support is available 12/5 and includes updates/upgrades to Rsam software and content templates. Support fees are 20 percent of Rsam license fees. The website has a link to the Rsam customer community online portal. The portal contains many support documents as well as a FAQ list and discussion forum. Prices are US-based, thus indicative only.