Select and Implement a Governance, Risk, and Compliance (GRC) Solution

Vendor Evaluation


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Significant resources are required for an organization to leverage solutions to manage governance, risk, and compliance information. However, these efforts to manage the GRC solution are still often less than the efforts required for ad hoc and retroactive management.
  • GRC solutions can seem overwhelming, and for good reason, as they enable the management of a broad range of operations from risk management to financial controls management.
  • Depending on your organization size, compliance requirements, and budget, GRC will be an investment. Ensuring your team understands roles and responsibilities prior to implementation will help ease the transition into using this new tool.

Our Advice

Critical Insight

  1. A complete GRC solution is not always required: Everyone needs a firewall, but not a GRC solution. GRC can be a costly investment (i.e. in terms of money, time, and resources). If necessary, affordable alternatives are available.
  2. A GRC solution is one part of the bigger picture: A GRC solution today is for managing GRC, and will not work without proper controls and processes already in place.
  3. Be strategic when deploying modules: Initiate a phased roll-out of modules rather than all of them at once. Focus on your highest priority needs, then gradually introduce new components to prevent boiling the ocean.

Impact and Result

  • Short-term: Evaluate the players in the GRC marketspace to select the right solution based on your requirements. Avoid common implementation pitfalls and plan for effective system operations and management once your contract has been negotiated and finalized.
  • Long-term: Increase operational efficiency by providing visibility to improve your GRC controls. Leverage these management solutions to reduce manual data manipulation, thus increasing automation, allowing users to focus on primary jobs. 


  • French Caldwell, MetricStream
  • Mike Rost, MetricStream
  • Vasant Balasubramanian, MetricStream
  • Andre Da Silva, NBN Co Ltd.
  • Christ Desjardins, Ecom Trading
  • Louis Lerman, International Monetary Fund
  • BG Naran, MDC
  • Frank Santora, Hudson City Savings Bank
  • Teri L. Toth, U.S. Pharmacopeial Convention 
  • +1 Anonymous Contributor

Want to Participate in Our Research?

  • Analyst Interviews: Share your best practices, opinions, tools or templates with your peers.
  • Webinars: Interactive session to keep us focused on topics you want to tackle.
  • Upcoming Workshops: Accelerate your project with an onsite, expert analyst to facilitate a workshop for you. Contact us for more details.

Become a Participant

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should implement a GRC solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

  1. Launch the GRC selection project

    Assess the value and identify the organization’s fit for a GRC solution, and structure the GRC selection project.

  2. Select a GRC solution

    Investigate the vendor landscape, produce a vendor shortlist, draft and evaluate RFPs, and conduct vendor demonstrations to select the right GRC solution.

  3. Plan the GRC implementation

    Plan the GRC implementation and measure the value of the GRC solution.

Guided Implementation icon Guided Implementation

This guided implementation is a seven call advisory process.

    Guided Implementation #1 - Launch the GRC selection project

  • Call #1: Identify organizational fit for the GRC solution and create the project plan.

  • Call #2: Identify the most appropriate use case.

  • Guided Implementation #2 - Select a GRC solution

  • Call #1: Understand the GRC vendor landscape.

  • Call #2: Shortlist the vendors and create an RFP.

  • Call #3: Score RFP responses and review contracts.

  • Guided Implementation #3 - Plan the GRC Implementation

  • Call #1: Plan the implementation.

  • Call #2: Finalize success metrics.

Onsite Workshop

Module 1: Launch the GRC Project

The Purpose

  • Understand the GRC marketspace.
  • Plan the GRC procurement process.
  • Identify the use case scenarios that align with your GRC requirements.
  • Determine baseline metrics to evaluate the solution’s effectiveness.  

Key Benefits Achieved

  • Be aware of the options existing and where the market is going with respect to GRC solutions.
  • A formally documented procurement process will keep the process on track as individuals are aware of roles, responsibilities, deadlines, etc.
  • Focus on the use case scenario that applies to your organization.
  • Assess your GRC solution based on concrete metrics that matter.

Activities: Outputs:
1.1 Discuss the current GRC market.
  • Realistic perspective of the GRC marketspace.
1.2 Determine if a GRC solution is right for you.
  • Aspects that require a fully implemented GRC module.
1.3 Develop the GRC Procurement Charter.
  • Formalized procurement process.
1.4 Identify your best-fit use-case scenario.
  • The most appropriate use-case scenario to structure your evaluation around.
1.5 Brainstorm baseline metrics and target goals to gauge the solution’s effectiveness.
  • Set of metrics to track the effectiveness of the solution.

Module 2: Plan Your Procurement and Implementation Process

The Purpose

  • Review the vendor profiles to understand strengths, weaknesses, and challenges.
  • Customize the RFP to submit to vendors.
  • Ensure vendor demos focus on the features you care about, rather than simply highlighting their strengths.
  • Learn from best practices to streamline the implementation process and leverage all available resources to get started.

Key Benefits Achieved

  • Select a solution that meets your requirements and fulfills your specific needs. What’s best for one organization isn’t necessarily best for everyone.
  • Save time developing the RFP to share the statement of work, scope of work, requirements, budget & estimated pricing, etc.
  • Realistic view of the products performing relevant tasks.
  • Simplified and efficient implementation plans.

Activities: Outputs:
2.1 Analyze the vendor landscape.
  • Detailed understanding of the vendor landscape.
2.2 Create a custom vendor shortlist.
  • Narrowed down list of suitable solutions.
2.3 Develop Request for Proposal (RFP).
  • Completed and reviewed RFP document.
2.4 Standardize a Vendor Demo Script.
  • Fairly evaluated vendor demos.
2.5 Plan the implementation, including building, testing, and rolling it out.
  • Best practices regarding GRC implementation.

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Hide Details

Search Code: 77368
Published: April 22, 2015
Last Revised: September 29, 2015

GET HELP Contact Us
VL Methodology