For Security & Risk Professionals

Caveat Emptor: The Best And Worst GRC Platform Customer Experiences

by Chris McClean, October 26, 2009

Governance, risk, and compliance (GRC) programs have a high corporate profile, requiring approval and often participation from top executives. For risk professionals who perform well in the spotlight, that's good news — but failures also attract more . . .

For Security & Risk Professionals

Preparing For A Pandemic: What You Need To Know About H1N1

by Stephanie Balaouras, Chris McClean, October 15, 2009

The likelihood and impact of a pandemic are impossible to predict with much accuracy. Regardless, history tells us that there is a potential for widespread and costly disruption — especially for those who aren't adequately prepared. In May 2009, global . . .

For Business Process & Applications Professionals

Transparency Is The Next Step In Compliance . . . Bring On Enterprise Content Management

Compliance Processes Remain Untamed And Short On Insight

by Craig Le Clair, Chris McClean, August 28, 2009

Milestones in regulation such as the USA PATRIOT Act, Sarbanes-Oxley (SOX) Act, and amendments to the Federal Rules of Civil Procedure (FRCP) helped drive substantial enterprise content management (ECM) enhancements for better document management and . . .

For Security & Risk Professionals

Market Overview: Environmental Management Information Systems

by Chris McClean, Onica King, July 31, 2009

Environmental impact is a growing concern when considering corporate performance and corporate risk. While consumers and investors increasingly expect organizations to demonstrate environmental responsibility, there are also very strict regulatory requirements . . .

For Security & Risk Professionals

The Forrester Wave™: Enterprise Governance, Risk, And Compliance Platforms, Q3 2009

BWise, OpenPages, And Thomson Reuters Take The Top Spots, With MetricStream And AXENTIS Rounding Out The Leaders

by Chris McClean, July 1, 2009

The enterprise governance, risk, and compliance (GRC) market is still relatively young, populated primarily by small but solid pure-play vendors. Growing corporate concerns have raised market expectations, however, bringing new competition from startups . . .

For Security & Risk Professionals

Topic Overview: Governance, Risk, And Compliance

by Chris McClean, April 29, 2009

Successful businesses universally strive to achieve better corporate governance, more effective measurement and management of risk, and greater assurance that compliance requirements are met. Whether or not these efforts bear the governance, risk, and . . .

For Security & Risk Professionals

Privacy Policies And Drivers 2008  (201 KB PPT)

by Chris McClean, April 9, 2009

Privacy programs in North America and Europe typically include policies for protecting corporate intellectual property and sensitive data. Although government regulation is by far the biggest driver for privacy programs in public sector organizations, . . .

For Security & Risk Professionals

The GRC Technology Puzzle: Getting All The Pieces To Fit

Breaking Down The Complex GRC Technology Landscape

by Chris McClean, February 3, 2009

At a time when the global business community struggles to enhance internal controls and maintain long-term viability, improvements in governance, risk, and compliance (GRC) programs can be well worth the investment. Technology plays an integral role in . . .

For Security & Risk Professionals

Consolidation Looms For The IT GRC Market

Industry Takes Aim At More Complete Compliance Management

by Marc Othersen, Chris McClean, January 5, 2009

As companies find ways to streamline compliance programs and reduce costs, the IT governance, risk, and compliance (GRC) vendor market is quickly looking like prime feeding ground for merger and acquisition sharks. Low company valuations, recent leaps . . .

For Security & Risk Professionals

Trends 2009: Governance, Risk, And Compliance Hit The Big Time

The Economic Crisis Of 2008 Makes GRC A Business Priority

by Chris McClean, December 23, 2008

Another bubble burst. The chain reaction stemming from the credit crisis caused an implosion of the global economy. Political, corporate, and economic leaders have argued ferociously about how we can reverse the damage, questioning business ethics, the . . .

For Security & Risk Professionals

Inquiry Spotlight: Governance, Risk, And Compliance, Q4 2008

by Chris McClean, November 3, 2008

Governance, risk, and compliance (GRC) continues to be a hot topic of interest for security and risk professionals. Between July 2007 and July 2008, Forrester's security and risk management team received 1,798 inquiries on a variety of topics — 198 of . . .

For Security & Risk Professionals

CISOs Must Take The Lead On Business Resiliency

Finding Common Ground Among Business Continuity, IT Disaster Recovery, And Information Security

by Stephanie Balaouras, Chris McClean, October 21, 2008

Aggressive global competition, greater service demands, more restrictive regulatory requirements, and increasingly rigid corporate oversight all raise the expectations for achieving and demonstrating business resiliency. Business continuity, IT disaster . . .

For Security & Risk Professionals

Best Practices: Implementing A Governance, Risk, And Compliance Program

by Chris McClean, October 7, 2008

Software applications for managing governance, risk, and compliance (GRC) continue to mature with impressive features and functions. Even more impressive are the organizational and strategic advancements companies are making by closely linking these three . . .

For Security & Risk Professionals

Best Practices: Managing The Responsibility And Associated Risks Of Global Business Partners

by Chris McClean, July 15, 2008

Managing risk and compliance and assuring a commitment to corporate social responsibility (CSR) is hard enough internally. As global corporations extend their partner network, professionals in these functions struggle to define and enforce requirements . . .

For Security & Risk Professionals

Topic Overview: Corporate Social Responsibility

by Chris McClean, July 11, 2008

Corporate social responsibility (CSR) as a topic is currently enjoying the limelight in shareholder meetings, political debate, industry events, advertising space, and other arenas throughout business and popular culture. Corporations worldwide are feeling . . .

For Security & Risk Professionals

Vendor Landscape: Emerging Software Tools For Corporate Social Responsibility

by Chris McClean, April 14, 2008

Companies that take corporate social responsibility (CSR) seriously — and they are increasing in number — have to find ways to map large amounts of disparate data to large numbers of disparate stakeholders. Whether it's helping companies report on fair . . .

For Security & Risk Professionals

Trends 2008: The Changing Landscape For Governance, Risk, And Compliance Professionals

by Chris McClean, February 22, 2008

Corporate governance, risk, and compliance (GRC) professionals must stay ahead of the rapidly changing business environment caused by internal and external fluctuation: changes across emerging markets, new technologies, business relationships, regulations, . . .

For Security & Risk Professionals

The Forrester Wave™: Enterprise Governance, Risk, And Compliance Platforms, Q4 2007

BWise Is The Frontrunner In Overall GRC Capabilities, Followed Closely By AXENTIS, Paisley, And QUMAS

by Chris McClean, Michael Rasmussen, December 21, 2007

Forrester evaluated 15 leading enterprise governance, risk, and compliance (GRC) platform vendors across approximately 100 criteria. BWise demonstrated the strongest overall offering, with AXENTIS, MetricStream, OpenPages, Paisley, and QUMAS rounding . . .

For Security & Risk Professionals

Enterprise GRC Versus IT GRC

by Khalid Kark, Marc Othersen, Chris McClean, December 5, 2007

Technology plays a vital role in governance, risk, and compliance (GRC) initiatives. An effective enterprise GRC strategy will employ technology to drive sustainability, consistency, efficiency, and transparency into GRC oversight. The practice of GRC . . .

For Security & Risk Professionals

Defining IT GRC

by Khalid Kark, Marc Othersen, Chris McClean, December 4, 2007

IT governance, IT risk management, and IT compliance are three distinct disciplines that in the past have existed in silos within organizations. Today, many organizations no longer see these activities as individual, one-time projects handled in separate . . .

For Security & Risk Professionals

Demystifying Enterprise Risk Management

Navigating The Iceberg Of Risk

by Michael Rasmussen, Chris McClean, November 8, 2007

Organizations have always had to manage risk. Business survival requires an organization to successfully manage risk. The challenge is that there are multiple definitions, approaches to, and reporting of risk that are managed in silos across the organization. . . .

For Security & Risk Professionals

How The World's Leading Businesses Address Corporate Social Responsibility

A Detailed Look At CSR And Sustainability Reports Of The Fortune Global 100

by Chris McClean, Michael Rasmussen, October 17, 2007

Corporate behavior is approaching celebrity status. Executive scandals, product recalls, unethical labor practices, and environmental disasters are more closely scrutinized than ever, and the information age does not permit incidents to be swept easily . . .

For Security & Risk Professionals

VeriSign Is A Strong Performer In Security Consulting, Especially In Key Technical Areas

The Forrester Wave™ Vendor Summary, Q3 2007

by Khalid Kark, Chris McClean, September 25, 2007

VeriSign's security consulting practice is working to complement the company's already strong managed security services group. While not as mature or globally widespread as offerings from competitors in the market, the company's technical capabilities . . .

For Security & Risk Professionals

Wipro Is A Strong Performer In Security Consulting With Potential For Rapid Growth

The Forrester Wave™ Vendor Summary, Q3 2007

by Khalid Kark, Chris McClean, September 25, 2007

Wipro's offshoring model is unique among the larger players in the security consulting space. While some customers have mentioned obstacles when working with this model, the cost savings Wipro provides is still a very strong draw for clients. In our evaluation, . . .

For Security & Risk Professionals

KPMG Is A Strong Performer With A Strong Vision And Excellent Client Satisfaction

The Forrester Wave™ Vendor Summary, Q3 2007

by Khalid Kark, Chris McClean, September 25, 2007

KPMG's security consulting practice is relatively small compared to many of the large firms it competes with, but it has focused its attention in key capability areas and is poised for substantial growth. Even with a smaller client base, the company's . . .