No single piece of software or platform can do it all. Investing in the right combination of technologies so that your teams can perform at their best is the puzzle you need to put together. Chances are, you put a lot of time and resources into choosing new technology at your organization. There are so many details, decisions, and processes that need to be addressed before a purchase can be made. We have outlined the major considerations for GRC solutions in our blog, 8 Questions to Help You Select the Best GRC Software for Your Company, but how will this new GRC solution fit in with the rest of your organization’s tech stack?
Integrations are the connectors for your tech stack. They allow different systems to work together. However, the reality of integrations is that they can lead to unanticipated roadblocks and fall short of your expectations. That is why we wanted to put a magnifying glass on integrations. Let’s explore the possibilities of how GRC solutions can integrate into your world so you are set up for success when evaluating your GRC solution options.
First things first, figure out where you need your GRC solution to connect. Integrations should fit into your process, and not the other way around. Kick off your checklist by conducting an internal audit of your organization’s tech stack. Compare and contrast your team’s technology usage to other departments that will participate in the GRC process. Try using a quick survey to get the full picture across different departments. This information will form the foundation to confidently make decisions about a GRC solution’s integration abilities.
Next, it’s time to imagine your technology wish list. The list of possibilities to integrate can seem endless, so segment them into “Must Have” and “Nice to Have.” The first question you should ask yourself before bucketing that platform into the “Must Have” column is “Why do these systems need to talk to each other?”
Here are examples of answers to look for when asking that question:
Integrations can lead to cost savings, improved process efficiency, and better insights into data across disparate sources. However, they can also lead to redundant or otherwise useless processes. Some due diligence on functionality will help you avoid these costly mistakes. Document exactly what you want each of your wish list integrations to do and the overlaps and gaps will become apparent.
Now we can put that checklist to work. Your GRC solution options may seem daunting, but the time you invested at the beginning of this process will easily narrow your focus in the market.
When it comes to GRC solutions, the market is divided into a few classifications and each approaches integrations differently.
Not all integrations are equal. When comparing integration capabilities of these different GRC solution groups, functionality can vary widely. One vendor might “check the box” of an integration that you are interested in, but may not meet your expected functional requirements. Paying close attention to the functionality during the vetting process can save you the headache of teams filling in the gaps where you thought an integration would fit.
Requesting demos is a great way to get a full understanding of an integration’s functionality before you purchase. If a vendor you are considering is not willing to provide a demo of a specific integration’s functionality, it is most likely because they don’t have it or it requires a long, expensive process to custom build.
In addition to variances in functionality, there are also different ways that integrations can be delivered. The delivery matters because it can impact the functionality, updates, needed resources, and time it takes to get the integration up and running.
When most people think of integrations, they are thinking about native integrations. Native integrations are built directly into your GRC platform, take the least amount of setup, and are more likely to receive regular updates. It is important to keep in mind that native integrations often solve for the 1-2 most common use cases and may not cover what you had in mind.
If the vendor you’re vetting doesn't have the native integration you’re looking for, there's no reason to eliminate them quite yet. When native integrations don’t cut it, expand your questioning into overall integration coverage. Integration coverage means that there are other ways to connect with software that might add even more value for you.
First, many middleware technologies are designed with the sole purpose of connecting platforms together. For example, Risk Cloud is integrated with Zapier, which quickly and easily connects the platform to hundreds of the most common integrations, such as Formstack, DocuSign, and SharePoint. Middleware may be the simplest solution to your integration needs.
Next, dig into the resources of the prospective vendor. A dedicated integrations team of experts to guide you through your integration journey may be just what you need. If custom integrations are part of your “Must Have” list, then these teams can provide a seamless and effective integration build. Ask about such teams and if they are part of customer services or if they require additional costs. The Integrations Services team at LogicGate was formed from the customer success team and focuses on making sure Risk Cloud customers have successful and effective integrations.
Finally, ask them about an API. An open API can open up possibilities for your IT team to connect to the specific integration you require. If you plan on building your integration, it’s worth validating that the platform or software has easy-to-use endpoints and readily available documentation. Your team's internal developers may need to be brought into a vetting call for this route. Risk Cloud has a RESTful API and can accommodate these custom integrations.
Integrations can be a tough landscape to navigate when qualifying your GRC solution options. The beauty of buying a cloud-based GRC platform is that you will receive automatic and constant enhancements to integrations. The team at LogicGate is dedicated to the continuing expansion of integrations to Risk Cloud. Contact us to learn more about putting Risk Cloud at the center of your GRC ecosystem.