Managed services continue to grow at a steady pace, boosted by remote work and the challenges of staffing an IT team with talent in high demand.

This increasing need for MSPs has created a sizable market. Grand View Research reports that the global MSP market was valued at $239.71 billion in 2021 and is expected to grow to $267.35 billion this year.

With thousands of MSPs out there, it can be difficult for an organization to find the right MSP to suit their needs. Here we’ll narrow the market to some of the very best managed service providers in the IT space, explain their pros and cons, and give you the tools you need to make the best decision for your business. There are many more good ones out there, however, so consider this list a starting point to help define your needs.

Key MSP Traits to Look for

As when shopping for any product, there are a few traits to look for when choosing the right MSP. These are just a sampling of the factors that may play into a prospective MSP buyers’ decision-making process.

Good Customer Reviews

The first thing to look for is good customer reviews — this includes tapping your peer network too. Online reviews won’t be scientific, of course, and vendors will certainly want to solicit reviews from happy reference customers, but reviews can provide excellent insight into what is and isn’t working in a product. It’s especially good for finding the issues in a product or service, as repeated reports of the same issue by multiple customers makes it likely that the same issue could trouble the prospective buyer as well. If you can’t find any publicly-available customer reviews, we recommend that you ask the MSP for customer references or consult your personal network of contacts for anyone who might have used the MSP in the past. Look for use cases similar to yours of course — the more closely aligned the source is with your needs, the more relevant the feedback will be.

Service Bundles

While enterprise-level businesses might be able to afford to hire specialist MSPs for their specific needs, small-to-midsize businesses will probably want to consider MSPs that offer multiple services or service bundles. This allows them to get similar services at an overall lower price and means they only have to manage one point of contact.

Certifications

Depending on your IT needs, it can be important to check to make sure the MSP is certified in the sort of things you’re looking for. Depending on the service being provided, you might look for ISO, WWWC, 3GPP. IEEE, ECMA, and others. For specific individuals in a company, Microsoft, Cisco, and CompTIA certifications are also worth looking for. If a service provider’s staff have the right certifications for your needs, they might be one of the best-available MSPs on the market.

Service-Level Agreements

Service-level agreements (SLAs) lay out all the responsibilities you retain and what responsibilities the MSP takes over. SLAs may also offer guarantees for things like response times for open tickets or the amount of uptime for services. For example, a managed security service provider (MSSP) might guarantee a 5-minute response time to all alerts and alarms and will reimburse you for every minute its employees are late. Network downtime might be another issue you’d want an SLA for.

Read More At: Best Managed Security Service Providers (MSSPs) 2022

Top IT MSPs 2022

Burwood Group

Headquartered in Chicago, the Burwood Group offers digital support for clients nationwide, both virtually and in-person. In 2021, the firm was named a Google Public Sector Partner of the Year for U.S. Education for the second year in a row.

With its 25 years of experience, Burwood provides excellent IT consulting services. Additionally, it can furnish interested customers with 24/7 network management that can support on-premises, hybrid, and cloud environments.

Burwood also provides monitoring and event management services for ticket handling, issue tracking, and uptime monitoring. This allows clients to free up any in-house IT staff to work on other essential tasks.

Overall, the Burwood Group is great for organizations looking to deploy new technologies or who need an experienced partner to upgrade their digital strategy. 

Right! Systems

With offices in Washington state, Oregon, and Idaho, Right! Systems provides IT managed services both in the Pacific Northwest in-person and across the nation virtually. Managed services on-offer include cloud services, data center management, security, and project management.

Alongside managed solutions, the firm supplies clients with 24/7 emergency IT and support services.

When a client starts with Right!Systems, they are given a customized technology strategy designed to synergize with their business plans. This allows the client to figure out which products, solutions, and services are right for their organization.

Right! Systems is an excellent choice for groups in the Pacific Northwest looking for hands-on IT management and project management services with options for cloud and data centers as well.

Dataprise

Though headquartered in Maryland, Dataprise has offices around the nation, including in Virginia, Tennessee, California, New York, New Jersey, Florida, Texas, Pennsylvania, and Washington D.C.

With this wide-ranging number of offices, Dataprise furnishes clients with fully-managed IT services and solutions, as well as managed services for cybersecurity; disaster recovery; detection and response; and infrastructure.

Dataprise also offers both on-site support and a 24/7 help desk based on what its clients need in the moment to keep their organization operating efficiently. Interested customers can pick between individual and bundled services based on their organization’s specific requirements.

Dataprise is recommended for small businesses looking to outsource a variety of managed IT services to save on cost without losing much of the care and attention that in-house IT staff can provide.

NexusTek

As more businesses transition to allowing hybrid and remote work models, service providers like NexusTek are seizing the momentum through Infrastructure-as-a-Service (IaaS), Hardware-as-a-Service (HaaS), Desktop-as-a-Service (DaaS), cloud hosting, and other online services to help transitioning businesses make the changes necessary to facilitate large-scale remote and hybrid work scenarios.

NexusTek provides full management of their cloud hosting services to make sure client companies’ data is efficiently managed and protected. With nearly 20 years of experience as an MSP, NexusTek also provides a number of Microsoft Online services if interested companies are in need of support in that area.

Though based in Greenwood Village, Colorado, NexusTek’s cloud and IT services can be fully managed virtually across the country, much like the remote work these services help make happen.

Overall, NexusTek is recommended to organizations looking to grow their hybrid and remote work options and want an MSP who offers many of the services needed to make that expansion go smoothly.

Read More At: The Best Tools to Successfully Train Remote Employees

Electric

Also known as Electric AI, Electric focuses on offering excellent IT services to small businesses to ensure small business employees are better able to do the job they are paid to do.

Notable services and support on-offer include IT infrastructure development, IT process standardization, and real-time IT support. The company claims this real-time support is deliverable within 10 minutes or less.

On top of its managed services, Electric provides an IT management platform which allows clients to streamline processes like employee onboarding.

While based in New York City, Electric’s network of specialists hit most major American cities including Seattle, Boston, Dallas, Cincinnati, Denver, and Los Angeles. Their services are also provided virtually.

Electric is recommended for small businesses looking to free up company resources by outsourcing IT services.

All Covered

With locations across the US, Mexico, the Caribbean, and more, All Covered offers a diverse suite of managed IT services and solutions. These services include IT helpdesk, application development, IT strategy, cybersecurity, cloud services, infrastructure management, and server backup. 

When they sign up, organizations get a service plan customized for their specific needs which allows them to supplement existing IT staff for either long-term use or on specific projects.

The firm supplies customers with 24/7 phone and live chat support and an easy-to-use client portal through which clients can check the status of support tickets or schedule maintenance visits.

Part of Konica Minolta, All Covered’s solutions are recommended for businesses of any size looking for top-flight bundled services with which to outsource their IT support, software, and hardware duties.

CyberDuo

CyberDuo offers a myriad of managed IT, cloud, and security solutions to businesses around the world. It offers 24/7 support helpdesk for clients in any time zone and, according to their website, guarantees a server request response time of 5 minutes. From its two California offices and one Boston office, CyberDuo offers virtual managed services and solutions all over the country.

CyberDuo’s managed cloud services work especially well for teams looking to transition to Microsoft’s suite of products like Azure, Teams, and Microsoft 365. Managed security services include EDR, endpoint protection, security awareness training, cloud security, and email security.

Overall, CyberDuo is recommended for organizations looking for a technically-skilled MSP who can help them migrate their data to the cloud safely and efficiently.

Read More At: Strategies for Successful Data Migration

1Path

Despite the name, 1Path has two headquarters in the Eastern United States, one in Kennesaw, GA and one in North Andover, MA. From these hubs, the firm provides IT services virtually across the nation. Thanks to its 20 years of experience, 1Path customers can find a whole suite of end-to-end managed solutions custom-fitted to their goals and expectations.

Interested businesses with limited or no IT staff will find a host of fully managed and co-managed solutions able to support them. Key features include process automation, disaster recovery, application development, cloud services, and procurement services.

1Path is recommended for small businesses looking for co-managed or fully managed IT support that can synergize with their current and future goals.  

Choosing the Right MSP for Your Organization

When looking for the MSP that’s best for your organization, the best advice we can offer is “research, research, research.” Make sure you understand both what services and use cases your business needs and what services and use cases an MSP is best at providing. 

We recommend checking for MSPs in your area first. On top of both you and your MSP operating in the same time zone, local MSPs can provide in-person support and services that can be difficult to provide otherwise.

That said, many MSPs offer quality virtual services as well, and it might even be cheaper than an in-person solution. Regardless, it’s best to read customer reviews and insights to see how people with hands-on experience with these MSPs are describing their services. 

If you have other business owners within your network, it can also be good to connect with them to learn about any MSPs they might have used.

At the end of the day however, managed service providers are still service providers, and there’s no replacement for scheduling a meeting with an MSP and seeing if you’re both comfortable working together for the foreseeable future. If you’ve managed to narrow down your list to a few MSPs, be sure to schedule an initial consultation with each to see if they’re the right fit for your organization.

Read More At: Best MSP Software 2022: Managed Service Provider Tools

The post Top Managed Service Providers (MSPs) 2022 appeared first on IT Business Edge.

Enough ink has been spilled on the topic to fill libraries, but this article is meant to distill some of the key arguments, viewpoints, and general information related to facial recognition systems and the impacts they can have on our privacy today.

What Are Facial Recognition Systems?

The actual technology behind FRS and who develops them can be complicated. It’s best to have a basic idea of how these systems work before diving into the ethical and privacy-related concerns related to using them.

How Do Facial Recognition Systems Work?

On a basic level, facial recognition systems operate on a three-step process. First, the hardware, such as a security camera or smartphone, records a photo or video of a person.

That photo or video is then fed into an AI program, which then maps and analyzes the geometry of a person’s face, such as the distance between eyes or the contours of the face. The AI also identifies specific facial landmarks, like forehead, eye sockets, eyes, or lips.

Finally, all these landmarks and measurements come together to create a digital signature which the AI compares against its database of digital signatures to see if there is a match or to verify someone’s identity. That digital signature is then stored on the database for future reference.

Read More At: The Pros and Cons of Enlisting AI for Cybersecurity

Use Cases of Facial Recognition Systems

A technology like facial recognition is broadly applicable to a number of different industries. Two of the most obvious are law enforcement and security. 

With facial recognition software, law enforcement agencies can track suspects and offenders unfortunate enough to be caught on camera, while security firms can utilize it as part of their access control measures, checking people’s faces as easily as they check people’s ID cards or badges.

Access control in general is the most common use case for facial recognition so far. It generally relies on a smaller database (i.e. the people allowed inside a specific building), meaning the AI is less likely to hit a false positive or a similar error. Plus, it’s such a broad use case that almost any industry imaginable could find a reason to implement the technology.

Facial recognition is also a hot topic in the education field, especially in the U.S. where vendors pitch facial recognition surveillance systems as a potential solution to the school shootings that plague the country more than any other. It has additional uses in virtual classroom platforms as a way to track student activity and other metrics.

In healthcare, facial recognition can theoretically be combined with emergent tech like emotion recognition for improved patient insights, such as being able to detect pain or monitor their health status. It can also be used during the check-in process as a no-contact alternative to traditional check-in procedures.

The world of banking saw an increase in facial recognition adoption during the COVID-19 pandemic, as financial institutions looked for new ways to safely verify customers’ identities.

Some workplaces already use facial recognition as part of their clock-in-clock-out procedures. It’s also seen as a way to monitor employee productivity and activity, preventing folks from “sleeping on the job,” as it were. 

Companies like HireVue were developing software using facial recognition that can determine the hireability of prospective employees. However, it discontinued the facial analysis portion of its software in 2021. In a statement, the firm cited public concerns over AI and a growing devaluation of visual components to the software’s effectiveness.

Retailers who sell age-restricted products, such as bars or grocery stores with liquor licenses, could use facial recognition to better prevent underaged customers from buying these products.

Who Develops Facial Recognition Systems?

The people developing FRS are many of the same usual suspects who push other areas of tech research forward. As always, academics are some of the primary contributors to facial recognition innovation. The field was started in academia in the 1950s by researchers like Woody Bledsoe.

In a modern day example, The Chinese University of Hong Kong created the GaussianFace algorithm in 2014, which its researchers reported had surpassed human levels of facial recognition. The algorithm scored 98.52% accuracy compared to the 97.53% accuracy of human performance.

In the corporate world, tech giants like Google, Facebook, Microsoft, IBM, and Amazon have been just some of the names leading the charge.

Google’s facial recognition is utilized in its Photos app, which infamously mislabeled a picture of software engineer Jacky Alciné and his friend, both of whom are black, as “gorillas” in 2015. To combat this, the company simply blocked “gorilla” and similar categories like “chimpanzee” and “monkey” on Photos.

Amazon was even selling its facial recognition system, Rekognition, to law enforcement agencies until 2020, when they banned the use of the software by police. The ban is still in effect as of this writing.

Facebook used facial recognition technology on its social media platform for much of the platform’s lifespan. However, the company shuttered the software in late 2021 as “part of a company-wide move to limit the use of facial recognition in [its] products.”

Additionally, there are firms who specialize in facial recognition software like Kairos, Clearview AI, and Face First who are contributing their knowledge and expertise to the field.

Read More At: The Value of Emotion Recognition Technology

Is This a Problem?

To answer the question of “should we be worried about facial recognition systems,” it will be best to look at some of the arguments that proponents and opponents of facial recognition commonly use.

Why Use Facial Recognition?

The most common argument in favor of facial recognition software is that it provides more security for everyone involved. In enterprise use cases, employers can better manage access control, while lowering the chance of employees becoming victims of identity theft.

Law enforcement officials say the use of FRS can aid their investigative abilities to make sure they catch perpetrators quickly and more accurately. It can also be used to track victims of human trafficking, as well as individuals who might not be able to communicate such as people with dementia. This, in theory, could reduce the number of police-caused deaths in cases involving these individuals.

Human trafficking and sex-related crimes are an oft-spoken refrain from proponents of this technology in law enforcement. Vermont, the state with the strictest bans on facial recognition, peeled back their ban slightly to allow for its use in investigating child sex crimes.

For banks, facial recognition could reduce the likelihood and frequency of fraud. With biometric data like what facial recognition requires, criminals can’t simply steal a password or a PIN and gain full access to your entire life savings. This would go a long way in stopping a crime for which the FTC received 2.8 million reports from consumers in 2021 alone.

Finally, some proponents say, the technology is so accurate now that the worries over false positives and negatives should barely be a concern. According to a 2022 report by the National Institute of Standards and Technology, top facial recognition algorithms can have a success rate of over 99%, depending on the circumstances.

With accuracy that good and use cases that strong, facial recognition might just be one of the fairest and most effective technologies we can use in education, business, and law enforcement, right? Not so fast, say the technology’s critics.

Why Ban Facial Recognition Technology?

First, the accuracy of these systems isn’t the primary concern for many critics of FRS. Whether the technology is accurate or not is inessential. 

While Academia is where much research on facial recognition is conducted, it is also where many of the concerns and criticisms are raised regarding the technology’s use in areas of life such as education or law enforcement. 

Northeastern University Professor of Law and Computer Science Woodrow Hartzog is one of the most outspoken critics of the technology. In a 2018 article Hartzog said, “The mere existence of facial recognition systems, which are often invisible, harms civil liberties, because people will act differently if they suspect they’re being surveilled.”

The concerns over privacy are numerous. As AI ethics researcher Rosalie A. Waelen put it in a 2022 piece for AI & Ethics, “[FRS] is expected to become omnipresent and able to infer a wide variety of information about a person.” The information it is meant to infer is not necessarily information an individual is willing to disclose.

Facial recognition technology has demonstrated difficulties identifying individuals of diverse races, ethnicities, genders, and age. This, when used by law enforcement, can potentially lead to false arrests, imprisonments, and other issues.

As a matter of fact, it already has. In Detroit, Robert Williams, a black man, was incorrectly identified by facial recognition software as a watch thief and falsely arrested in 2020. After being detained for 30 hours, he was released due to insufficient evidence after it became clear that the photographed suspect and Williams were not the same person.

This wasn’t the only time this happened in Detroit either. Michael Oliver was wrongly picked by facial recognition software as the one who threw a teacher’s cell phone and broke it.

A similar case happened to Nijeer Parks in late 2019 in New Jersey. Parks was detained for 10 days for allegedly shoplifting candy and trying to hit police with a car. Facial recognition falsely identified him as the perpetrator, despite Parks being 30 miles away from the incident at the time. 

There is also, in critics’ minds, an inherently dehumanizing element to facial recognition software and the way it analyzes the individual. Recall the aforementioned incident wherein Google Photos mislabeled Jacky Alciné and his friend as “gorillas.” It didn’t even recognize them as human. Given Google’s response to the situation was to remove “gorilla” and similar categories, it arguably still doesn’t.

Finally, there comes the issue of what would happen if the technology was 100% accurate. The dehumanizing element doesn’t just go away if Photos can suddenly determine that a person of color is, in fact, a person of color. 

The way these machines see us is fundamentally different from the way we see each other because the machines’ way of seeing goes only one way.  As Andrea Brighenti said, facial recognition software “leads to a qualitatively different way of seeing … .[the subject is] not even fully human. Inherent in the one way gaze is a kind of dehumanization of the observed.”

In order to get an AI to recognize human faces, you have to teach it what a human is, which can, in some cases, cause it to take certain human characteristics outside of its dataset and define them as decidedly “inhuman.”

That said, making facial recognition technology more accurate for detecting people of color only really serves to make law enforcement and business-related surveillance better. This means that, as researchers Nikki Stevens and Os Keyes noted in their 2021 paper for academic journal Cultural Studies, “efforts to increase representation are merely efforts to increase the ability of commercial entities to exploit, track and control people of colour.”

Final Thoughts

Ultimately, how much one worries about facial recognition technology comes down to a matter of trust. How much trust does a person place in the police or Amazon or any random individual who gets their hands on this software and the power it provides that they will only use it “for the right reasons”?

This technology provides institutions with power, and when thinking about giving power to an organization or an institution, one of the first things to consider is the potential for abuse of that power. For facial recognition, specifically for law enforcement, that potential is quite large.

In an interview for this article, Frederic Lederer, William & Mary Law School Chancellor Professor and Director of the Center for Legal & Court Technology, shared his perspective on the potential abuses facial recognition systems could facilitate in the U.S. legal system:

“Let’s imagine we run information through a facial recognition system, and it spits out 20 [possible suspects], and we had classified those possible individuals in probability terms. We know for a fact that the system is inaccurate and even under its best circumstances could still be dead wrong.

If what happens now is that the police use this as a mechanism for focusing on people and conducting proper investigation, I recognize the privacy objections, but it does seem to me to be a fairly reasonable use.

The problem is that police officers, law enforcement folks, are human beings. They are highly stressed and overworked human beings. And what little I know of reality in the field suggests that there is a large tendency to dump all but the one with the highest probability, and let’s go out and arrest him.”

Professor Lederer believes this is a dangerous idea, however:

“…since at minimum the way the system operates, it may be effectively impossible for the person to avoid what happens in the system until and unless… there is ultimately a conviction.”

Lederer explains that the Bill of Rights guarantees individuals a right to a “speedy trial.” However, court interpretations have borne out that arrested individuals will spend at least a year in prison before the courts even think about a speedy trial.

Add to that plea bargaining:

“…Now, and I don’t have the numbers, it is not uncommon for an individual in jail pending trial to be offered the following deal: ‘plead guilty, and we’ll see you’re sentenced to the time you’ve already been [in jail] in pre-trial, and you can walk home tomorrow.’ It takes an awful lot of guts for an individual to say ‘No, I’m innocent, and I’m going to stay here as long as is necessary.’

So if, in fact, we arrest the wrong person, unless there is painfully obvious evidence that the person is not the right person, we are quite likely to have individuals who are going to serve long periods of time pending trial, and a fair number of them may well plead guilty just to get out of the process.

So when you start thinking about facial recognition error, you can’t look at it in isolation. You have to ask: ‘How will real people deal with this information and to what extent does this correlate with everything else that happens?’ And at that point, there’s some really good concerns.”

As Lederer pointed out, these abuses already happen in the system, but facial recognition systems could exacerbate these abuses and even increase them. They can perpetuate pre-existing biases and systemic failings, and even if their potential benefits are enticing, the potential harm is too present and real to ignore.

Of the viable use cases of facial recognition that have been explored, the closest thing to a “safe” use case is ID verification. However, there are plenty of equally effective ID verification methods, some of which use biometrics like fingerprints.

In reality, there might not be any “safe” use case for facial recognition technology. Any advancements in the field will inevitably aid surveillance and control functions that have been core to the technology from its very beginning.

For now, Lederer said he hasn’t come to any firm conclusions as to whether the technology should be banned. But he and privacy advocates like Hartzog will continue to watch how it’s used.

Read Next: What’s Next for Ethical AI?

The post The Toll Facial Recognition Systems Might Take on Our Privacy and Humanity appeared first on IT Business Edge.

GRC is software that allows a company to unify the technology they utilize and business goals, manage risk, and ensure compliance with any regulations they might be obligated to meet.

GRC can provide structure and order to what can be a chaotic mess of incongruent objectives, compliance issues, and technology while also providing ways to protect your business from the data breaches that around 63 percent of tech companies have suffered in the last two years, according to Hyperproof.

Unfortunately, finding the right set of tools or software for your GRC needs can be its own chaotic mess, filled with potential pitfalls and promises that don’t deliver. To help you navigate the GRC market, here are some tips and suggestions for getting started, along with a look at some of the top GRC tools.

Why Use GRC?

On top of helping ensure your company is compliant with necessary regulations, there are a number of reasons for using a GRC solution. It can save your business money by reducing instances of unnecessary spending by getting ahead of potential threats to your bottom line, whether that be fines and penalties for non-compliance or unnoticed risks that balloon into big, expensive problems. For example, a well-implemented GRC solution can help prevent breaches of sensitive information like personal data of employees or customers and company financial information or catch them early, saving companies millions of dollars. 

GRC allows for more transparent data-sharing between departments, which can improve efficiency and decrease potential data silos. Finally, a good GRC solution can help ensure your business’s data is more secure in a post-COVID world where so many employees work in remote or hybrid settings.

Also Read: What Is GRC?

Key Features of GRC Software

We’ve given a basic definition of GRC, but what features should you be looking out for? According to Steve Durbin, CEO of the Information Security Forum, you should ensure that the GRC product is supported, and ideally referenced, to an industry-recognized methodology. He recommends considering these basic requirements:

• Ability to conduct assessments at varying levels of detail depending on the criticality of the environment/system being assessed
• The need to host/upload evidence (especially the compliance requirements in the GRC)

• Provide / display outputs in accordance to recognized standards, regulations (ISO, NIST CSF, PCI)
• Predefine a set of attributes to produce a risk analysis in a short space of time, for example, define system criteria, such as internet-facing and processing personally identifying information (PII). This is particularly important for agile environments
• Provide deep analysis on business reporting with an emphasis on how this should be communicated. The reporting needs to consider multiple audiences, such as technical IT teams who typically want to know what controls to implement, the chief information security officer (CISO) for threats, and the business for costs and return on investment (ROI)
• Future proofing of functionality by considering quantitative ways in which to report risk and report the mitigating actions, such as comparing the cost of a possible risk to the cost of implementing controls both operational expenditure (OPEX) and capital expenditure (CAPEX)

Tips for Choosing the GRC Tool That’s Right for You

“Buying the right GRC platform for your organization is all about asking the right questions,” explained Sam Abadir, vice president of Industry Solutions at LockPath, a leading provider of compliance and risk management software. “There are questions to ask about your internal processes, questions to profile vendors, and questions to justify the purchase of a GRC platform. Whether you’re buying a GRC platform or trying to prepare for a mountain climb, asking the right question lowers your risk and increases the favorability of the desired outcome.”

Abadir suggests you ask three questions before buying a platform:

1. What or Who Is Driving the Need for a GRC platform?

Determining what or who prompted the search for GRC platforms can reveal what factors you need to consider before purchasing a GRC platform. From our experience, there are typically three forces at work:

1. The current solution can no longer meet the demand. 
2. An executive or board member requested the search. 
3. Or an incident like a data breach has occurred.

2. How Are You Going to Support Your GRC Platform?

A GRC platform should integrate with your organization’s pre-existing processes. As such, you’ll need to consider how you will support the platform: Will you need an infrastructure team of GRC experts to manage the platform? Will you need to train staff on using the platform? Knowing what is necessary to support each potential GRC platform is critical to success.

3. Where Are You Now and Where Do You Want to Be With Compliance?

To make any progress toward any goal, you first need to determine where you’re starting. Have you purchased a GRC platform before? Are you moving from a point solution like policy management software? Do you have staff with experience using a GRC platform? Check your current proficiency level against your goals to determine what is a “must have” versus a “nice to have.”

Also Read: How to Implement a GRC Strategy

Top 10 GRC Tools in 2022

We analyzed each company’s platforms and solutions and the overall GRC marketplace through major market resources like Gartner, Forrester, and G2 to put together this list of the best GRC solutions available right now. We used the criteria provided by Steve Durbin above to help determine what platforms provided the key features that make a GRC solution worth looking at.

1. Workiva

Workiva is best-suited for organizations in the fields of banking, utilities, government, higher education, insurance, and investments. In addition to a multi-departmental GRC platform, it provides a marketplace where users can find templates and other services related to the platform offered by Workiva itself as well as partner companies like Deloitte, PwC, Oracle, and Namely. The platform can connect to data sources both on-premises and on-cloud and includes, among others, the following solutions:

• ESG Reporting
• Enterprise Risk Management
• Financial Statement Automation
• Policy and Procedure Management
• IT Risk & Compliance
• Board Report Creation

Workiva’s platform is designed to simplify the usually-complex GRC processes and ensure even the less tech-savvy members of a business can utilize its features. For external reporting, it’s excellent, though some users report requiring additional use licenses for services outside that realm.

Workiva was categorized as a Leader in the 2021 Q3 Forrester Wave Governance, Risk, and Compliance Platforms report.

Demo and pricing information are available from Workiva.

2. IBM OpenPages

Tech giant IBM’s GRC platform is powered by their IBM Watson AI and can provide a scalable software solution to medium-to-large organizations in practically any industry. Available solutions and product modules include:

• Operational Risk Management
• Model Risk Governance
• Regulatory Compliance Management
• End-to-End Data Governance
• Internal Audit Management
• IT Governance

Some users criticize the platform for the number of steps needed to set up the platform or perform simple tasks. However, its automation tools and comprehensive out-of-the-box tools are well-regarded. IBM OpenPages was named a Leader in Gartner’s 2021 Magic Quadrant for IT Risk Management. The 2021 Q3 Forrester Wave GRC Platforms report listed it as a Strong Performer.

The platform’s price can range from $48,000 to $207,000. Interested users can find more demo and pricing information on IBM’s website.

3. RSA Archer

With customization options for organizations of all sizes and industries, Archer is a good pick for companies looking for a GRC solution that can adapt to a variety of compliance and risk management needs. Its diverse suite of solutions includes the following:

• Regulatory and Corporate Compliance
• Audit Management
• IT & Security Risk Management
• Third-Party Governance
• Operational Resilience
• ESG Management

Users praise Archer for its comprehensive toolkit and solutions suite, but some have concerns with integration and customization difficulties.

In Gartner’s 2021 Magic Quadrant, Archer was named a Leader in the IT Risk Management and IT Vendor Risk Management Tools categories.

If you’re interested, RSA offers a demo of the platform, as well as pricing information, on the Archer website.

4. LogicManager

LogicManager is usable across a variety of industries, but organizations in education, retail, financial services, government, or healthcare should especially pay attention to this GRC platform. Notable features include:

• Incident Management
• Third-Party Risk Management
• Audit Management
• Financial Reporting Compliance
• IT Governance & Security
• Policy Management

Users praise LogicManager for its ease of use but some aren’t satisfied with the platform’s ability to handle more detailed contracts and documents.

Gartner recognized LogicManager as a Challenger in its 2021 Magic Quadrant in the IT Risk Management category, with the platform scoring the highest in Ability to Execute. Similarly, Forrester listed it as a Strong Performer in its Q3 2021 GRC Wave.

Interested buyers can contact LogicManager for pricing information and a demo.

5. MetricStream

MetricStream is best for organizations with a diverse set of users with distinct needs, such as executives, IT managers, and auditors. It supports industries such as life sciences, energy, telecom, technology, and insurance. It boasts an array of features, including:

• Compliance Management
• Enterprise Risk Management
• Internal Audit Management
• Regulatory Compliance Management
• Third-Party Risk Management
• IT and Cyber Compliance Management

MetricStream’s platform can be delivered on-premises or via the cloud and provides a unique user interface that’s good for less tech-savvy users.

Forrester’s GRC Wave for Q3 2021 named MetricStream a Strong Performer, and the platform was a Leader in Gartner’s 2021 Magic Quadrant for IT Risk Management.

No pricing information is available on MetricStream’s website, but you can contact the company for a demo.

6. OneTrust

With across-the-board versatility, OneTrust is great for organizations who need solutions for employees in multiple departments and roles. It also comes complete with a number of useful solutions, such as:

• Audit Management
• Vendor Risk Management
• Awareness Training
• IT & Security Management
• Enterprise & Operational Risk Management
• Incident Management

OneTrust’s platform boasts over 500 integrations, including Dropbox, G-Suite, Office 365, and GitHub, and can work in a variety of compliance and risk frameworks.

While Gartner named it a Challenger in its 2021 IT Risk Management Magic Quadrant, Forrester recognized OneTrust as a Leader in its Q3 2021 GRC Wave.

Pricing information is available on OneTrust’s website, and interested buyers can also schedule a demo.

7. Fusion Framework System

Built on Salesforce’s Lightning platform, Fusion Framework System is one of the best options for organizations already working with it and other Salesforce tech. Here are some of the features included in the solution:

• Crisis and Incident Management
• Risk Management
• IT & Security Risk Management
• Business Continuity Management
• Operational Resilience
• Third-Party Risk Management

With the Fusion Framework System, users can lay out their entire business with an easy-to-use click-to-configure user interface. Guided workflows help make the platform even more user-friendly, and its impressive integrations list make it a versatile tool for any business.

Although Forrester and Gartner both left Fusion Framework System off their respective 2021 GRC lists, Forrester did name the company a Leader in its 2021 Business Continuity Management Software Wave. The Disaster Recovery Institute International (DRI) also awarded it the Product/Service Provider of the Year prize in 2022.

Pricing information is not available on Fusion Framework System’s website, but interested parties can contact the company for a demo.

8. Riskonnect

Riskonnect is a great pick for users in the healthcare, financial services, insurance, retail, and manufacturing industries. It includes a wide array of features such as:

• Internal Audit
• Claims Administration
• ESG Management
• Compliance Management
• Enterprise Risk Management
• Third-Party Risk Management

Customers laud Riskonnect for its ease of use once everything was set up, but some find the product difficult and confusing to implement.

Riskonnect was named a Contender in Forrester’s GRC Wave for Q3 2021, and Gartner named it a Niche Player in its 2021 Magic Quadrant for IT Risk Management. 

No pricing information is available on Riskonnect’s website, but interested readers can contact the company for a demo.

9. ServiceNow

With certain industry-specific solutions, ServiceNow is great for organizations working in fields like telecom, education, manufacturing, and government, among others. Its features include:

• Performance Analytics
• Operational Risk Management
• Policy and Compliance Management
• Operational Resilience
• Vendor Risk Management
• Audit Management

Users praise ServiceNow for the ability to coordinate between internal and external teams, as well as its easy-to-implement integrations. That said, some users have spoken about issues with the company’s customer support capabilities as well as an inefficient IT asset management system.

Thanks to its impressive GRC chops, Forrester listed ServiceNow as a Leader in its Q3 2021 GRC Wave. Gartner recognized the company as a Leader in IT Risk Management for its 2021 Magic Quadrant.

Pricing and demo information are available on ServiceNow’s website.

10. Diligent

Through its versatile GRC platform, Diligent seeks to help client companies modernize their governance procedures for the Digital Age. Notable features include:

• ESG Tracking & Reporting
• Policy & Training Management
• IT Risk Management
• Entity & Subsidiary Management
• Regulatory Compliance Management
• Third-Party Risk Management

Users appreciate how feature-rich Diligent’s platform is, especially regarding analytics and big data insights. However, some feel the platform could do with some streamlining, particularly in the areas of setup and implementation.

In its Q3 2021 GRC Wave, Forrester marked Diligent as a Strong Performer. The company was a Leader in Gartner’s 2021 Magic Quadrant for IT Risk Management as well.

Interested readers can request demo and pricing information from Diligent on the company’s website.

GRC vs. IRM

While researching GRC, you will inevitably stumble on the debate between GRC and integrated risk management (IRM) and what the differences are between the two. The claim made by some is that IRM is newer and more effective at risk management than GRC, but the two are very similar.

Notably, many of the same product leaders in GRC found themselves listed as product leaders in IRM when research and consulting firm Gartner coined the IRM term in 2018. It can be helpful to view IRM software as a subgenre of GRC software, one more focused on the R than the G or the C. It’s ultimately up to you to determine whether your business needs IRM or GRC more.

Final Thoughts

Choosing the right GRC product for your business isn’t easy, but we hope that the above tips and list will give you a head start on your way to GRC success. These are some of the very best GRC solutions on the market and will give you a sense of what’s available on the market as you evaluate your own needs and budget. An informed decision will help your business tremendously in the long run.

Read Next: Top Data Quality Tools & Software 2022

This post updates a Feb. 20, 2018 article by Sue Poremba.

The post Top GRC Platforms & Tools in 2022 appeared first on IT Business Edge.