How has it helped my organization?
Before we implemented GRC Suite, our reports were scattered everywhere. We didn't have enough control over the evidence and artifacts that we need to provide to the auditor. Now we have centralized storage and solid reporting.
What is most valuable?
The dashboard is nice. We can provide different levels of access to users based on their titles, privileges, rights, etc. It streamlines the process of auditing and technical compliance.
What needs improvement?
GRC Suite could have better third-party risk assessment. Maybe they can have a module that can perform certain jobs like security incident and vulnerability management because I haven't seen this module on their platform. They have modules for other functions, such as risk management compliance and governance, and they have servers in the system.
For how long have I used the solution?
I've only used GRC Suite for two months.
What do I think about the stability of the solution?
So far, so good. We haven't had any issues since we implemented it.
How are customer service and support?
Resolver's support has been great so far. They have to respond in the time specified in the SLA. Thus far, there haven't been any delays in violation of the terms and conditions of the SLA.
How was the initial setup?
The setup was straightforward because we were well prepared. We spent three months discussing GRC Suite's technical capabilities and how we wanted to set it up. The planning took a lot of time. We defined our specific technical requirements and the scope of the work, so we moved forward based on our precise needs. We understood what we wanted, and that made the implementation smooth.
Which other solutions did I evaluate?
We evaluated some other options, like RSA Archer, which is a large, complex platform. MetricStream also wasn't a good fit for us. GRC Suite was the easiest of all the products we tried. We like an easy implementation.
What other advice do I have?
I rate GRC Suite eight out of 10. It's an excellent product. Maybe we need to do more work to customize it and adopt specialized design templates, reporting, and dashboards. Also, we still need to integrate it with various vendors and platforms. If you're thinking about trying GRC Suite, my advice is to know what you need. Don't leave it up to the vendor to decide by themselves. It's easier if you have a narrow scope of work and a particular requirement. You must be precise about the kind of reporting and dashboards you want. Look for the easiest solution.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
