In previous blogs, I've covered the differences between ERM and GRC offerings. One critical difference I'd like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal councils charged with approving your ERM or GRC solution. Due to Software-as-a-Service's relatively recent entry into the Business to Business marketplace, it's not uncommon for risk managers to be concerned, even fear, how solutions that are not exclusively hosted on servers that they control will be perceived internally.
What needs to be highlighted is the enormous burden these groups are under in their organization by operating with decade old evaluation protocol, when as long as the proper due diligence is taken, SaaS is not only be a secure solution, but an enormous benefit from the standpoint of organizational agility and flexibility.
Consider Michael Shear and Annie Lowry's recent article from the New York Times, "In Tech Buying, U.S. Still Stuck in Last Century." The article critiques the procurement process used by government agencies and large companies, especially the manner in which they prioritize long, drawn out legal proceedings with familiar vendors over technological innovators at the forefront of their discipline.
Organizations must "move away from an old-fashioned method of technology development that relies on a single, large vendor to develop technology in years-long contracts." In an age of constantly changing technology, taking on long contracts with enormous exit burdens is akin to running down the curtain on your department. Moreover, the innovation necessary to tackle complex problems, like Enterprise Risk Management, isn't found at giant, multinational institutions like IBM and SAP.
So in your evaluation of GRC or ERM software, what requirements can you place on a vendor to ensure your organization isn't stuck with archaic technology in a contract you can't terminate? The answer is Software-as-a-Service.
True SaaS vendors will not lock you in to long term contracts, and because of the way the infrastructure is managed, your implementation is reduced to less than 5 business days, so you'll be able to evaluate quickly whether the solution will suit your needs. Because the solution is hosted by the vendor, you'll be working with the latest improvements and updates without having to pay for maintenance, upgrades, or additional licensing. That's a significant cost savings, a competitive advantage, and peace of mind that the vendor will do everything possible to satisfy your unique requirements.
Since it may be hard to distinguish a true SaaS vendor from the wolves in sheep clothing, click here to download a list of due diligence questions to ask your potential vendors.