Reading Time: 3 minutes


Embracing any new technology in an organization takes a lot of research and a string of right decisions. Hence, selection of the right vendor who will address your business needs is a crucial steps in new technology implementation.

Numerous options are available in the market to choose from! The process requires discipline on the part of the management by setting a predefined goal and deadlines. It requires alignment of 3 things – Process, People and Culture. Yet, there is no common best software/application for all the companies at large. Hence, one needs to do a careful analysis of many criteria before taking a long term investment decision.

Regretting an investment decision at a later date adversely affects stakeholder’s confidence and wastes valuable resources of the organization.
Moreover, when it comes to implementing a GRC management software, an organization has various options to choose from large vendors like MetricStream, SaiGlobal, LogicManager, BWise etc to mid-size vendors like VComply, Avalara, RiskPro etc. Thus, these established solutions make it easier for an organization to select the vendor.

The process

The process of evaluation can begin with having a basic overview of the following factors :
– Does the organization have a GRC  management framework?
– Is the framework functional?
– What is the risk involved?
– If not, what immediate actions are required to make it functional?
– The members involved in the process
– Also, the minimum spend/investment required
– Involvement of a third party to attain the goal

After the organization considers the above factors, the need for implementing a new technology becomes clear and defined.

Next, one should form  a new resource team to plan the entire implementation. Thus, process discipline should be of utmost importance to any organization.

To begin with, the process should be as follows :

– Select a team leader who will be the chief coordinator of the implementation
– Identify the human resources who shall be involved in the implementation and shall assist the leader
– Each and every person should be assigned responsibilities to reach a predefined milestone
– The set timeline must be reviewed periodically.
– The finance department should plan the budget well in advance and get it approved.

Selection of the vendor

Firstly, create an assessment criteria which can cover a variety of factors like :
– Market presence
– Pricing
– Customer testimonials
– Demo/Free trials
– Regulatory Documentation and contracts
– Vendor ageing reports

Secondly, general functions which the GRC vendor should support –
– Customer Support
– FAQs
– Exhaustive features
– Speed
– Customization
– Ease of implementation
– Unlimited Cloud Storage
– Audit Trails
– A private communication space
– A comprehensive library
– Security
– Mobile App (IoS/Android)
– Scalability
– System Integration
– Report Generation
– Frequent updates

Vendor Variables

Vendor Selection

To begin with, start a preliminary research of potential vendors using search engines or your business contacts. There are various listing websites like Capterra which facilitate ease of research. Then, contact all the vendors and ask for a demo/product information. If the vendor offers a free trial, ask your staff to use the product to ensure the comfort level. Moreover, one should ensure the possibility of hidden costs!
Perform the required due diligence on the selected vendor based on various factors fixed by your organization at large. Secondly, inform the stakeholders about the software. Give the necessary information as and when required by them. Thirdly, do not forget to ask for the maintenance cost of the management tool, if any.
Also, ensure the sufficient training of the staff before implementing the tool in order to avoid mishaps is important. After the implementation, regularly monitor the tool to make sure it is working. Moreover, conduct periodic reviews of upgrades, training and agreement with the vendor.


A set process which is collaborative, documented and in line with the company’s GRC goals will most likely result in a effective implementation project. Thus, even a small mistake can cost the company time and money. Also, it shall ensures a culture of discipline in the organization.

It will definitely solve the long term problems from the initiation to the execution!

Previous                                                                                                                        Next

FavoriteLoadingAdd to favorites

Leave a Reply

Your email address will not be published. Required fields are marked *