GRC Platform Vendor Spotlight: CMO, EMC, IBM, MetricStream and Nasdaq

Governance, risk, and compliance (GRC) constitute three essential dimensions for any organization:

  • The top-level management of a company sets up a corporate governance paradigm through the implementation of structural policies and reforms.
  • Risk management involves the identification and management of various types of risks, including operational risks, financial risks, and fraud.
  • Compliance encompasses policies, procedures, rules and regulations framed by regulatory bodies in a given region. It is essential to ensuring that the products and services delivered by companies are of a standard form.

The GRC platform is an organized and cohesive solution that helps organizations minimize risks associated with corporate operations.

While market growth has already peaked and is expected to slow down over the next four years, market revenue is still expected to surpass $1.88 billion by 2019, growing at a CAGR of 8.35%.

Technavio analysts have compiled a list of the products and solutions offered by five of the global GRC platform market’s top vendors:

CMO

CMO provides GRC and enterprise health, safety, and environment (HSE) software solutions for corporations and regulators.

The company offers the following solutions:

  • Audit and assessment reporting and management software solutions, supporting processes such as risk assessment, planning and execution. These solutions enable companies to manage internal, external and third-party audits across a number of compliance management systems.
  • Environmental solutions, which help organizations record, track, and report several aspects of environmental programmes on a real-time basis. These enables regulatory compliance, sustainability management, and compliance to common management standards.
  • Compliance management, which automates every step in the compliance management process and tracks responsibilities and due dates for legal and non-legal compliance obligations.
  • Health and safety, which enables companies to manage HSE processes, drive consistent operational performance, and reduce the risks and costs involved.
  • Incident management that enables enterprises to manage incidents that cause interruptions to standard operations.
  • Risk management, which helps manage operational risks and consolidate information, and offers an enterprise-wide view of risks across all facilities, divisions, and countries of operation.
  • Third-party management, which manages risks and compliance processes for their suppliers, contractors, and stakeholders, and thus enables continued efficiency in operational performance, apart from mitigating risks and reducing the costs involved
  • Training and competence solutions that enables companies to manage employee skillsets and certifications, schedule inductions, assign trainers, send automated email notifications, evaluate training progress in real-time ,and monitor competency across the organization.

EMC

EMC was founded in 1979 and is headquartered in Hopkinton, US. It provides IT solutions for data storage, virtualization, information security, cloud computing, analytics, and other products and services that manage and analyze data.

EMC

EMC focuses on providing a portfolio of enterprise storage systems and software to its customers for storing, managing, and protecting data. These products include EMC XtremIO, EMC hybrid VMAX, Isilon, EMC VNX hybrid flash unified storage systems, ScaleIO, ViPR, EMC Atmos, and ECS.

Additionally, the companies offers products and services in the following categories:

  • Information security: Protects confidential digital data by reducing the risks of detecting and investigating threats, and confirming and managing identities
  • Enterprise content division: Manages and analyses data by connecting information to work by software and cloud solutions
  • Pivotal: Offers a new platform to customers for developing, running, and managing web applications without the difficulty of developing and maintaining a new application
  • VMware virtual infrastructure: It offers products and services for software-defined data centers, cloud services, and end-user computing

These products include ASOC, RSA Atmos Cloud Delivery Platform, EMC Documentum portfolio, EMC Syncplicity, Pivotal Big Data Suite, Pivotal Cloud Foundry, VMware Virtual SAN, and VMware vRealize Suite.

IBM

IBM provides a wide range of computer products and services, including hardware, software, consulting, and infrastructure services.

IBM

GTS: Provides IT infrastructure and business process services, using its unique technology and IP integrated services within a global delivery model.

GBS: Operates through two primary business areas: consulting and systems integration, and application management services. It delivers business value and innovation to clients through solutions that leverage industry and business process expertise. It drives initiatives that integrate IBM content and solutions and improve the company’s strategic imperatives.

The company’s other segments include:

  • Software: Offers middleware and operating systems software
  • Systems and technology: Offers business solutions that require advanced computing power and storage capabilities
  • Global financing: Invests in financing assets, leverages debt, and manages the associated risks

MetricStream

MetricStream is a market leader in offering enterprise-wide GRC solutions that are used in a wide range of industries, including pharmaceutical, medical devices, automotive, food, manufacturing, energy, retail, and financial services.

The company provides a comprehensive suite of solutions, including:

  • Quality management: Offers a robust quality management software solution that provides a view of all quality programs, facilitating better decision-making.
  • Regulatory compliance: A regulatory compliance management software solution that facilitates compliance with industry-focused guidelines from the FDA, FERC, FAA, HACCP, OMB A-123, AML, Basel II, and Data Retention laws.
  • Risk management: Provides an integrated risk management software solution for documenting and assessing risks, defining controls, managing audits, identifying issues, and implementing remediation plans.
  • IT GRC: Offers an advanced and comprehensive software solution for streamlining IT GRC processes, effectively managing IT risks, and meeting IT regulatory requirements.
  • IT audit management solution: Provides IT audit solutions, including audit management solutions, supplier audit management solutions, store audit management solutions, quality assurance audit solutions, medicare RAC audit software solutions, food quality audit management, medicare audit solutions, and medicaid solutions.
  • IT governance solution: Provides IT governance software solutions for guidance, structures, and processes by implementing IT policy, risk compliance, and audit functions.
  • IT policy management solution: Provides IT policies, standards, guidelines, and awareness, which is critical for good IT governance.

The company’s solutions are used by companies such as Pfizer, Philips, BP, Entergy, Subway, Fairchild Semiconductor, Hitachi, Dell, P&G, UBS, and Kelloggs to address quality management and regulatory compliance issues.

Nasdaq

Nasdaq provides trading, exchange technology, clearing, regulatory, securities listing, and information and public company services worldwide.

Nasdaq

Nasdaq operates through four business segments:

  • Market services: This includes equity derivative trading and clearing, fixed income, cash equity trading, currency and commodities trading and clearing, and access and broker services businesses. The company operates multiple exchanges and other marketplace facilities across several asset classes, including commodities, derivatives, cash equity, debt, structured products, and ETFs. It also offers broker services, clearing, settlement, and central depository services. Its transaction-based platforms enable market participants to access, process, display, and integrate orders and quotes. The platforms enable the routing and execution of buy and sell orders, and the reporting of transactions, offering fee-based revenues.
  • Information services: This includes the company’s data products and index licensing and services businesses.
  • Technology solutions: This segment includes corporate solutions and market technology. The company’s corporate solutions portfolio includes investor relations, public relations, multimedia solutions, and governance. It also offers enterprise GRC software solutions that leverage disparate business processes and content to enhance efficiency, transparency and control. The company has approximately 10,000 corporate solutions clients.
  • Listing services: Nasdaq operates a range of listing platforms worldwide to offer multiple global capital-raising solutions for private and public companies. Its main listing markets are The NASDAQ Stock Market, the Nasdaq Nordic and Nasdaq Baltic exchanges.

For a full list of market vendors and the solutions they offer, check out Technavio’s report on the global GRC platform market.