Strengths: Very complete GRC solution, easy to use
Weaknesses: A bit pricey but provides a lot for the money
Verdict: Strong GRC solution for large enterprises. Has all of the tools required to develop and manage a risk and compliance program. Recommended.
Rsam v7.0 is a comprehensive, seventh-generation risk and compliance management solution. It spans assessments, audits, compliance, control testing, enterprise risk management, incident management and issues remediation through to threat, vulnerability and vendor risk.
Rsam is an out-of-the-box GRC management platform enabling organisations to seamlessly integrate and manage key elements of risk and compliance programs, including regulatory and standards-based assessments, data from existing scanning devices and ad-hoc auditor findings. It applies comprehensive risk analytics, generates metrics and dashboards and prioritises and manages the remediation of the resulting issues across repeated lifecycles.
It includes an intelligent survey system with out-of-the-box assessments, a universal API import engine, strong workflow with risk analytics capability, advanced risk scoring and drag-and-drop dashboard creation.
Customers can choose to leverage Rsam's pre-populated, best practices frameworks (including ISO, NIST, CobiT, FFIEC, HIPAA, PCI DSS, BITS, GLBA and SOX), incorporate their own existing templates and processes, or any combination of the two.
All Rsam domains are mapped in the background, allowing clients to assess targets once and then map responses to multiple areas of compliance.
There was a lot of content provided with the base solution and it did a great job in providing the summarised, correlated view of risk with various standards and regulatory controls.
The user interface was clean and intuitive and provided a drag-and-drop tool for quickly creating question and response assessments. Full risk-based workflow tools are incorporated and include sign-off/validation controls for awareness and auditing. The user interface put a lot of useful information right at your fingertips and made it very easy to navigate.
Rsam supports imports from industry standard vulnerability scanners and inventories.
Support is available for a fee and includes phone, email and WebEx. The product can be purchased either as client-side software, which typically deploys in 40 to 60 hours, runs on a Windows server and requires an SQL backend, or as a hosted SaaS offering.
At a price of £36,000, Rsam v7.0 may seem pricey, but it provides all of the tools needed to develop and manage a risk and compliance program.