Is Another Man's Opportunity.
Enter the likes of the IT Unified Compliance Framework (ITUCF) (with their nice snazzy website update over the last year...). Their objective early in the game several years ago was to identify and correlate authority sources and documents from government agencies, standards bodies, and vendors. Massive undertaking. Simply massive. This is the classic case of how to put an elephant to sleep. Read one authority document at a time.
Opportunistic entrepreneurs and vendors created software tools to help manage the C in GRC. Many leverage (license), in whole or in part, the work of the ITUCF. Some target the entire enterprise, and others only IT. Consider the following from the well-respected Michael Rasmussen of Corporate Integrity:
"The GRC software space is vast with numerous vendors. In fact, in my market models there are over 400 GRC software providers that span 28 primary categories (with numerous sub-categories) of GRC related software. Nine of these categories encompass components of an enterprise GRC platform (though no vendor does all nine components), 19 of the categories are focused in specific business functions/processes of GRC. Of the 400 vendors, it is under 50 that market and present themselves in the enterprise GRC domain."
Enjoy the Wave Dude. Enjoy the Wave.
OK - So maybe it's not perfect, or you consider it biased, or have some other stigma that prevents you from enjoying the Magic Carpet Ride that is the Forrester Wave. I personally don't have the time to learn about every technology niche and vendor play. The summaries are fantastic. I've learned to filter the content and appreciate the organization. The best part? Someone else does the work, and the winner of whatever contest is showcased usually pays for your right to view the content. Why? Because they paid someone off? Or because they are thrilled with the results and want to showcase their peer praise to the world? Enjoy the Wave. It's a short ride.
ARC Logics, BWise, Compliance 360, Enablon, IBM OpenPages, Mega, Methodware, MetricStream, Protiviti, RSA Archer, SAP, SAS, Thomson Reuters
Agiliance, ANXeBusiness, ControlCase, Easy2Comply, Modulo, RSA Archer, Rsam, Symantec