Rsam provides enterprise software that helps organizations meet their risk and compliance goals. Rsam excels at automating manual processes, enabling efficient workflows and adapting to changing requirements. Below is our interview with Vivek Shivananda, CEO of Rsam:
Q: Can you give us more insights into the current GRC landscape?
A: Today’s business climate is one of unprecedented regulatory growth, data complexity and cybersecurity concerns. There is a corresponding increase in media attention, customer awareness and Board-level scrutiny. Organizations must demonstrate that they have a viable process for managing risk and compliance (broadly known as GRC). This is no small task, especially as the scope of GRC expands.
Until recently, GRC initiatives sprang out of a particular business unit’s needs without a central point of orchestration. The process has been largely manual and wrapped up in a web of spreadsheets, homegrown systems and point solutions. But, as demands around risk and compliance explode, a happenstance approach to GRC no longer works. Everyone is stretched beyond their bounds. Data resides in siloes. It’s impossible to get a holistic view of risk and compliance. When organizations hit this wall, they look for a solution like Rsam.
Q: Rsam Named a Leader in 2017 Gartner Magic Quadrant for IT Risk Management Solutions; could you tell us something more?
A: Rsam was actually named a leader in two new Gartner Magic Quadrants: IT Risk Management and Vendor Risk Management. Both were published in June. These reports are among the mostly highly anticipated in the industry. Consider how many different solutions are on the market. Risk and compliance leaders can’t possibly evaluate each one. Reports like the Gartner Magic Quadrant make the process of vetting a company, its solution and its customers’ experiences much easier. Gartner analysts undergo an exhaustive process, usually 6-7 months, evaluating vendors. Ultimately, they determine placement in the Magic Quadrant based on completeness of vision and ability to execute. Many organizations use this information to develop a shortlist of vendors to pursue when they are thinking of purchasing a risk management solution. Rsam is thrilled to be named a leader in these two essential industry reports.
Q: Can you give us more insights into your platform?
A: Rsam’s platform is truly unlike any other. As I mentioned earlier, change is the greatest challenge for risk and compliance leaders. Traditional GRC platforms are flawed in ways that make it hard for them to adapt to change. It boils down to their data model. The model underlying of typical GRC platforms is analogous to an Excel workbook. This workbook contains all of your operating data in structured sheets with columns and macro formulas. Let’s say you create one for Policy Management and it works fine. But soon you need to create one for Regulatory Change or Incident Management or dozens of other use cases. You can’t simple duplicate your work. If you’re using a traditional GRC platform, any edit you make to the underlying structure, like columns or macros, would have to be made across all the other spreadsheets—one by one. Meaning you must make the same changes to every dependent structure, whether its dozens or thousands. Links or relationships between structures also become problematic and can lead to broken relationships or significant system errors. It takes more people, time and money to manage a structure like this, making it unsustainable.
By contrast, Rsam provides an agile, configurable foundation that allows you to adjust as needed. Our platform is based on a unique object-based data model. Instead of an ever-growing host of duplicated and interdependent structures, module draw from a single, centralized repository built in a relational architecture. You can set up as many use cases as needed within the repository without breaking relationships. In fact, users can create their own relationships between regulations, policies, controls, risks, assets – nearly anything. Changes to any single data point need only be made once. The model makes the platform easier to use and maintain, so it requires fewer resources to manage and significantly lowers total cost of ownership. And because the architecture is purpose-built to be changeable, it will scale to virtually any size or scope as future needs demand.
Q: What makes Rsam a good choice?
A: Rsam helps customers solve their two greatest GRC challenges: implementing a solution takes too long and traditional platforms can’t adapt to change. GRC implementations have had a bad rap for a while. Companies typically spend a year or more trying to implement their solution. Traditional monolithic platforms essentially require the customer to map out all their requirements upfront. These are hardwired into the design. So what happens when you’re in the middle of an implementation and something changes? If your platform is hardwired with dependencies, any changes you make will break those dependencies and require a redesign or recoding. The more time it takes to get your solution up and running, the more your risk exposure grows.
This leads to the second common challenge; adaptability. Earlier I described the main difference between Rsam’s platform and others is its ability to adapt to change. Traditional platforms have a fixed design; every change can potentially break key dependencies. That means you’re locked into a rigid system that can’t meet your evolving needs. Because of this, many GRC implementations falter or come to a standstill. It simply requires too much money, resources, and time to fix and the original goals for deploying GRC slip further away. As a result, there’s a widespread perception that GRC systems are more trouble and money than they’re worth. But at Rsam, we believe that GRC is an ongoing, iterative process, not a one-time project. That’s why we built our platform to dynamically adapt to changes as they arise.
Q: What are your plans for next six months?
A: Over the next six months, Rsam will continue to advance its platform to meet customers’ evolving requirements. We want to make it easier than ever before to manage all risk and compliance activities within one system, with ease, so you can be audit-ready and Board-ready at any time. We’re always making enhancements to meet this goal. For example, “cybersecurity” has taken center stage in most organizations. Executives are asking: “What is our cybersecurity posture?” Rsam will be launching a NIST Cybersecurity module that will help give them answers.
Another example is Rsam’s partnership with the HITRUST Assessment Exchange (AX), which will significantly simplify vendor risk management. HITRUST developed the common security framework (CSF) used widely across the healthcare industry. It provides thousands of organizations with a comprehensive, flexible and efficient way to manage regulatory compliance and risk. Rsam is the underlying technology platform for the online version of this framework.
The HITRUST AX should be generally available in a few months. It will revolutionize how organizations get vendor assessments. Customers can import their CSF assessments from the HISTRUST AX into Rsam’s vendor risk management module. Thousands of organizations have already completed CSF assessments, providing a critical mass of vendor data that is unmatched in the industry.