Corporate Governance (Sarbanes-Oxley – SOx – Software)
-
The Sarbanes-Oxley Act of 2002 (SOx) (a/k/a Public Company Accounting Reform and Investor Protection Act, and, Corporate and Auditing Accountability, Responsibility, and Transparency Act) was enacted originally to regulate the financial aspects of enterprise operations.
-
However, due both to the SOx requirement that all enterprises whose stocks are traded on publicly-accessible exchanges here in the United States (US) must comply with SOx, and to the excellent frameworks for regulatory compliance in general encouraged by the SOx guidelines, numerous other types of private enterprises have also adopted voluntary SOx compliance, to the point now where SOx compliance is almost the universal norm for all enterprises here in the US.
-
Enterprises these days are so complex and vast that they must rely on numerous types of complex software platforms to manage the many operations required to power the many applications that generate the data used to verify SOx compliance through annual external independent SOx audits, performed by specialized external independent SOx auditing firms.
-
Some basic information about such SOx compliance software platforms may be found below in the Corporate Governance (Sarbanes-Oxley – SOx – Software – Sarbanes-Oxley Management – SOxM) section.
-
The other sections below provide some basic information about some of the SOx compliance software platforms that are currently prevalent in enterprises, which may assist enterprises in performing some SOx-related tasks relevant for SOx compliance auditing.
-
Of course, many other such software platforms are currently available to assist enterprises in performing the myriad of other tasks related to gathering information that may be required for SOx compliance auditing.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Attack Surface Management – ASM)
-
Attack surface management (ASM) platforms (also known as external attack surface management – EASM – platforms) are used to identify, monitor and remediate any external threats from the internet or worldwide web to enterprise assets, cloud services, networks, and areas of potential enterprise vulnerability.
-
At a minimum, ASM platforms should provide: artificial intelligence (AI); automatic discovery of IPv4, IPv6, Cloud, and internet of things (IoT) assets; asset-mapping; contextualized alerts; cyber security posture snapshots; data analysis; data management; data mining; IP scanning; machine learning; password analysis; pentesting; proactive threat removal; real-time analysis of cloud and network assets for misconfigurations; red-teaming (simulated attacks); risk graphing; risk scoring; security posture management; shadow IT (the use of IT-related hardware or software by a department or individual without the authorization or knowledge of the IT or security group within the enterprise) discovery and tracking; silo discovery and connecting; smart learning; task automation; threat identification; threat landscape trending; threat prioritization; updates management.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various ASM platforms, such as: AssetNote; Axonius; Bit Discovery; Brinqa; Chariot; CODA Footprint; CybelAngel; Detectify; edgescan; Expanse; ImmuniWeb Discovery; Informer; Lucidum - Attack Surface Management Platform; Quantum Armor; Wiz.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Audit Management Software – AMS)
-
Audit management software (AMS) platforms are used to streamline an enterprise internal audit process (perhaps as a dry-run stress test in preparation for the annual SOx audit to be performed by an external independent SOx auditing firm) by defining, implementing and monitoring the audit procedures currently in use by the enterprise.
-
At a minimum, AMS platforms should provide: access management; application development and testing; approval tracking; audit analysis; audit management; audit procedures; audit reporting; audit scheduling; audit templates; automated alerts; automated evidence gathering; automated notifications; automated provider and vendor discovery; business continuity management; centralization of controls, corporate policies, risk profiles and the like; change management; compliance management; data consolidation from multiple sources; exceptions management; forms management; identity management; internal controls management; issue management; key performance indicator (KPI) tracking; login auditing; mobile access; multi-year planning; pentesting; risk assessment; segregation of duties (SoD) rule set; sign-off management; security integration; SOx Section 404 compliance; task management; workflow management.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various AMS platforms, such as: Archer Audit Management; AuditBoard; AutoAudit; CAMS (Compliance Audit Management System); Fastpath Assure; HighBond; IBM Open Pages; Intelex Audit Software; Laika; LogicManager; MasterControl Audit Management; MetricStream Audit Management; Ncontracts; Onspring; Ostendio; Pentana Audit; Protiviti; Pulse; SAP Audit Management; SmartSolve; TeamMate+; Workiva.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Change Management Software – CMS)
-
Change management software (CMS) platforms are used by enterprises to implement various types of changes to systems that must be implemented consistently and rapidly across many devices in many locations simultaneously.
-
At a minimum, CMS platforms should provide: approval management; AI; asset management; automated strategy reports; change management; change scaling; change success scores; cross-departmental collaboration; configuration management database (CMDB); conflict management; customization; detection and notification of unauthorized changes; information security; intelligent swarming; KPI monitoring; machine learning; migration management; objectives prioritization; organizational change management; performance metrics; process modeling; progress tracking; release management; remediation change management; root cause analysis; snapshot status reports; task assignment; task creation; visualization tools; walkthroughs.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various CMS platforms, such as: BMC Helix ITSM; Device42; Engage Your Team; FreshWorks Freshservice; Gensuite; ManageEngine ServiceDesk Plus; ServiceNow Change Management; SunView ChangeGear; WalkMe; Whatfix; Wrike.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Configuration Management Software – CMS)
-
Configuration management software (CMS) platforms are used by enterprises to provide an accurate historical record of the enterprise system state, tracking changes to applications and their infrastructure to ensure that configurations are fully functioning in a pristine condition, as when they were installed, to streamline auditing, updating and any necessary debugging.
-
At a minimum, CMS platforms should provide: A/B testing; asset management; automated network configuration backups; automated rollouts; automatic repair and restoration; automatic updating; autonomous agents; installation failure notifications; automation of routine and emergency operations tasks; bulk configuration changes; configuration change alerting; continuous compliance framework maintenance; custom script templates; multivariate testing; network mapping; retrospective defect tracking; roll-back capabilities; server-side testing; SOx-compliant reporting; system snapshots; version control tracking; workspace management.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various CMS platforms, such as: Ansible Configuration Tool; Auvik; Azure Automation & Control; BackBox; Bamboo; CA Harvest Software Change Manager; CFEngine Configuration Tool; CHEF Configuration Tool; ConfigHub; Desktop Central; GitHub; IBM Rational ClearCase; Micro Focus AccuRev; Octopus Deploy; Optimizely Web Experimentation; Progress Chef; Puppet Enterprise; Rudder; SALTSTACK Configuration Tool; ServiceNow IT Service Management; SolarWinds Kiwi CatTools; SolarWinds Server Configuration Monitor; Strongpoint; TeamCity.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Continuous Security Monitoring – CSM)
-
Continuous security monitoring (CSM) platforms – also known as cybersecurity monitoring software (CMS) platforms; information security monitoring (ISM) platforms; and, network security monitoring (NSM) platforms – are used by enterprises to maintain continuous awareness (uninterrupted monitoring) of the general threat landscape – potential external threats to and the potential internal vulnerabilities of their own enterprise IT ecosystems (which may include cloud applications, hardware, internet of things – IoT, middleware, networks, servers, software, and the like) – to facilitate making rapid, informed risk management decisions regarding the safety of such IT ecosystems through the use of outward-facing detection internal controls, placed in front of such IT ecosystems’ outward-facing preventative internal controls.
-
At a minimum, CSM platforms should provide: automated intervention and remediation; behavior analytics; compromised credentials detection; continuous monitoring of all enterprise security controls; continuous managed detection and response (MDR); customized deployments; dormant-identities scanning; downloads monitoring; identities-inventory scanning; excessive permission detection; in-memory executions scanning; integration of cybersecurity and risk management frameworks; logging; misconfiguration detection; monitoring process scalability; non-person (bot) scanning; over-permissioned identities scanning; proactive threat-hunting; security architecture assessments; security benchmarks; security key performance indicators (KPIs); security ratings; toxic combinations detection; workload vulnerability detection.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various CSM platforms, such as: Acunetix; AVG Business Edition; Datadog; Heimdal CORP; Intruder; Malwarebytes; Nessus Professional; Securden; Teramind; UpGuard BreachSight.
-
There is also an increasing number of managed security service providers (MSSPs) (outsourced services providers otherwise known as “cloud security platforms”, which are generally cloud-based enterprises specializing in continuously monitoring any potential threats to a customer enterprise from the external threat landscape), which also provide CSM platforms, such as: Check Point Services; Cisco Security Services; ControlScan; Cybriant; GoSecure Managed Security Services; IBM Managed Security Services; Lumen Connected Security; McAfee Security Services; Netsurion; OneNeck IT Solutions; Rapid7 Security Services; Sentinel Managed Network Security Services; Silversky Managed Security Services; Sophos Professional Services; Switchfast Technologies; Web Application Security Assessment.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Contract Lifecycle Management – CLM)
-
Contract lifecycle management (CLM) platforms are used by enterprises to streamline the entire contract lifecycle process, from pre-signature to post-signature. CLM should not be confused with plain contract management (CM) platforms. CM involvement with a contract ends once the contract has been executed by both parties and returned to the contracts manager for archiving; after that point, contract administrators take over, to manage all issues involving that contract until its expiration or termination. CLM, on the other hand, handles the entire lifecycle of a contract, from initial negotiations (perhaps commencing with a standard template), through the execution of that contract by both parties and its return to the contracts manager for archiving, and then through the entire remaining term of that contract until it either expires or is terminated. CLM platforms are designed to integrate with many other types of contract-related software, such as customer relationship management (CRM) platforms, email platforms, proposal platforms (for generating requests for information – RFIs, requests for proposals – RFPs, requests for qualifications – RFQs, and requests for solicitations – RFSs), e-signature platforms, and the like, so that all aspects of the contract lifecycle can be integrated into one platform.
-
At a minimum, CLM platforms should provide: alerts; all the attributes and functions of a CM platform; archiving; approval management; AI; change management; compliance with all applicable laws in the jurisdiction of the contract, as well as all applicable Federal laws for all Federal-related contracts; customization; document management capabilities; editing and markup capabilities; full text search capability; internal controls; language translation modules; machine learning; multi-currency conversion; negotiation playbooks; notifications; optical character recognition (OCR); records retention rules; reporting capabilities to all parties to facilitate all contract-related communications through the entire contract lifecycle; risk management rules; scanning capabilities; template libraries; terms libraries; tracking for every step of the contracting process; SOx compliance; version control.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various CLM platforms, such as: Agiloft Contract Management Suite; App4Legal; Avokaado; Cequence; CobbleStone Contract Insight Enterprise; Concord; Conga Contracts; Conga CLM; Contract Logix; Contracts 365; Contractzy; ContractPodAi; DocuSign CLM; EraCLM; Evisort; Gatekeeper; Gino LegalTech; Icertis Contract Management Software; IntelAgree; Ironclad; Juro; Leeway; Lexion; LinkSquares; Malbek Contrax; Onit ContractWorks; Outlaw; PACTA; Razor365 Contract Management; SAP Ariba; SimpliContract; Simplify Contracts; SirionOne Contract Management Software; SpotDraft; Webdox; Workday Strategic Sourcing; Zoho Contracts; Zycus Contract Management.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Data Mining Software – DMS)
-
Data mining software (DMS) platforms are used by enterprises to search for, identify, extract and analyze possible useful patterns in large-size data sets, generally to find relationships within the patterns.
-
At a minimum, DMS platforms should provide: alerts; AI; clustering; data aggregating; data analysis; data analytics; data blending; data scrubbing; data filtering; data identification; data joining; data management; data manipulation; data mapping; data merging; data modelling; data optimization; data searching; integration with databases; descriptive modeling; machine learning; predictive analytics; prescriptive analytics; query management; regression; remote analysis processing; reporting; results validation; risk analysis; scheduling; SQL; text searching; topic detection; visualization options.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various DMS platforms, such as: Advanced Miner; Alteryx; Analytic Solver; Board; Data Melt; Datawatch; Dundas; ELKI; Enterprise Miner; H2O; IBM SPSS Modeler; Inetsoft; MonkeyLearn; Oracle Machine Learning on Autonomous Database; PolyAnalyst; Qlik; RapidMiner; SAS Visual Data Mining and Machine Learning; Sisense; Solver; SPMF; Talend Data Fabric; Teradata; Weka; Zoho Analytics.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Enterprise Resource Planning – ERP)
-
Enterprise resource planning (ERP) platforms are used by enterprises to act as a central hub for end-to-end workflow and data, managing all aspects of an enterprise, to align many functions of the enterprise operations – such as: accounting; distribution; financial management; human resources; manufacturing; supply chain management – generally through add-on modules which the enterprise may purchase and implement when necessary, and to provide the transparency required to pass external independent SOx audits.
-
At a minimum, ERP platforms should provide a variety of agile, operations-related, add-on modules, such as: accounting; accounts payable; accounts receivable; analytics; banking; bill of materials (BOM); budgeting; cash management; credit management; customer relationship management (CRM); general ledger; global consolidations; human resources (HR); integration; inventory; manufacturing; payroll; purchase order management; quality management; recruiting; reporting; sales; shipping; taxation; warehouse management.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various ERP platforms, such as: Acumatica; Aquilon ERP; Brightpearl; DEAR Systems; Epicor ERP; ePROMIS ERP; Kechie; NetSuite; Odoo ERP; ParagonERP; QT9 ERP; Sage Intacct; SAP Business ByDesign; SAP Business One; SAP ERP; SAP S/4HANA Cloud; SYSPRO; TallyPrime.
Corporate Governance (Sarbanes-Oxley – SOx – Software – File Integrity Monitoring – FIM)
-
File integrity monitoring (FIM) platforms are used by enterprises to improve data security within the enterprise, by continuously monitoring the integrity of all files within the enterprise ecosystem, and then reacting to any perceived threat, while simultaneously sending automatic alerts and notifications to relevant enterprise personnel in the event the FIM platform detects an unauthorized file modification.
-
At a minimum, FIM platforms should provide: backup; checksums; encryption; incident response; intrusion detection; log management; managed detection and response (MDR); multiple systems monitoring; port monitoring; regular system snapshots; regulatory compliance management; restore; risk categorization; root cause analysis; rootkit detection; threat management; user activity tracking; validation management; vulnerability management.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various FIM platforms, such as: AIDE; AFICK; CrowdStrike Falcon FileVantage; Datadog; Netwrix Auditor; ManageEngine ADAudit Plus; ManageEngine EventLog Analyzer; OSSEC Syscheck; Qualys File Integrity Monitoring; Samhain File Integrity; SolarWinds Security Event Manager; SolarWinds Server & Application Monitor; Tripwire File Integrity Manager; Trustwave Endpoint Protection.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Identity and Access Management – IAM)
-
Identity and access management (IAM) platforms (also known as identity management software – IMS – platforms) are used by an enterprise to manage information about each individual user to facilitate their login to various other areas and platforms within the enterprise.
-
At a minimum, IAM platforms should provide: access options (authorization or restriction of access by certain individuals to certain information throughout the enterprise); directory and user repository management (RM) applications to track access by users to the various areas of the enterprise software system; identity federation (delegating the authentication responsibility for logins to a trusted external third party, in which the federation partner is either an identity provider – IdP – or a service provider – SP); multi-factor authentication (MFA) (the use of multiple methods to create a chain of authentication methods – from the simple, such as a strong password, to the medium, such as a text message to the individual's cell phone with a randomly-generated pass code that expires relatively quickly, to the complex, such as biometric methods, including fingerprints or retina scans); password management options and self-help options for regenerating passwords; security analytics (SA) for auditing and compliance management; single sign-on (SSO) capability (the ability to log in to the entire enterprise information system only once, subject to any restrictions placed on the individual by the system administrators, without any further need to log in to each application or database individually).
-
Research, testing, use, recommendation, specification and procurement of various IAM platforms, such as: 1Password; ADAudit Plus; Amazon Cognito; Auth0; Avatier Identity Anywhere; Azure Active Directory; BeyondTrust; Endpoint Privilege Management; Bitium; Broadcom Layer7 Identity Management; Centrify Identity Service; CyberArk Privileged Account; EmpowerID Security; IBM Cloud App ID; IBM Security Verify Access; Idaptive Next-Gen Access; Identity Automation; IdentityIQ; Imprivata OneSign; Intermedia AppID Enterprise; JumpCloud Directory-as-a-Service; Kaseya AuthAnvil; Keeper for Business; LastPass for Business; ManageEngine ADManager Plus; Micro Focus; miniOrange; My1Login; NetIQ IDM; Okta Identity Cloud; Omada Identity Suite (OIS); One Identity; OneLogin; OnSemble; Optimal IdM; Oracle Identity Governance; Oracle Identity Management; Ping Identity Platform; PortalGuard; Radiant Logic; RingCaptcha; RingLead; Rippling; RSA SecurID Suite; SailPoint Identity as a Service (IDaaS); Salesforce; SAP Customer Data Cloud; Saviynt; SolarWinds Access Rights Manager (ARM); SecureAuth; SecZetta; Simeio; Symantec VIP; TeamsID; Tools4ever; Ubisecure; Varonis Data Security Platform; VMware Workspace One; WatchGuard AuthPoint; WSO2 Identity Server; Zoho Vault.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Optical Character Recognition – OCR)
-
Optical character recognition (OCR) platforms are used by enterprises to convert images and written text through scanning into machine-readable text data, for document management and searching.
-
At a minimum, OCR platforms should provide: analytics; AI; classification; collaboration capabilities; compatibility with numerous applications and file types; conversion capabilities; digital image processing (DIP); document management; editing capabilities; image recognition software (IRS); intelligent document processing (IDP); machine learning; language recognition; natural language processing (NLP); print management; spellcheck; text manipulation capabilities.
-
Research, testing, use, recommendation, specification and procurement of various OCR platforms, such as: Amazon Textract; Docparser; Ephesoft; Filestack Capture; FineReader PDF; Hyperscience; IBM Datacap; IntSig OCR Solutions; Laserfiche; Nanonets; Ocrolus; OmniPage Ultimate; OpenText Capture Center; PARSEDOC; Readiris; Rossum; SimpleOCR; Square 9 Softworks; Tesseract.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Patch Management Software – PMS)
-
Patch management software (PMS) platforms are used by enterprises to ensure that all hardware, middleware and software installations throughout the enterprise are updated automatically.
-
At a minimum, PMS platforms should provide: alerts; anti-cryptojacking scanning; anti-malware scanning; anti-ransomware scanning; anti-virus scanning; AI; backup; endpoint protection management; helpdesk; logging of all updates; machine learning; notifications; remote IT monitoring & management (RMM); reports; security risk mitigation; task automation; ticketing; update tracking; URL filtering; vulnerability management.
-
Research, testing, use, recommendation, specification and procurement of various PMS platforms, such as: Acronis Cyber Protect; Acronis Cyber Protect Cloud; Action1 RMM; Addigy; Atera; Automox; Central; ConnectWise Automate; Datto RMM; Easy Software Deployment; Heimdal Security; Kaseya VSA; ManageEngine Desktop Central; ManageEngine Patch Manager Plus; NinjaOne; PDQ Deploy; Pulseway; SaltStack; SanerNow; SmartDeploy; SolarWinds Patch Manager; SUSE Manager; Symantec Client Management Suite; Symantec Endpoint Management; Syxsense.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Sarbanes-Oxley Management – SOxM)
-
Sarbanes-Oxley (SOx) management (SOxM) platforms are used by enterprises to protect enterprise data and stakeholders from fraudulent business and financial practices, through compliance with SOx and through integration with accounting, auditing and financial platforms.
-
At a minimum, SOxM platforms should provide: auditing plans; data loss prevention; integration with existing applications; log management; maintaining data security; mitigation planning; monitoring for business process exceptions; regulatory change management; reporting general hardware and software failures; testing internal controls; verifying segregation of duties (SoD); and the like.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various SOxM platforms, such as: Apparity; AuditBoard; Avatier; BWise Sox Compliance 2.0; CA Veracode Policy Manager; CoSoSys Endpoint Protector; Diligent HighBond; DoubleCheck SOX Compliance Management; Galvanize ControlsBond; Ekran SOx Compliance; Fastpath Assure; HelpSystems Powertech; Ideagen Pentana; LogicManager; ManageEngine Eventlog Analyzer; ManageEngine Log360; Metricstream; Netwrix Auditor; Onspring; Pathlock; ProcessUnity Sarbanes-Oxley Compliance Management Solution; Predict360 SOX Compliance Software; Resolver; RSA Archer; SolarWinds Security Event Manager; SOX Expert; Thycotic Secret Server; Workiva.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Security Information and Event Management – SIEM)
-
Security information and event management (SIEM) platforms are used by enterprises to centralize security operations into a single location through a combination of various software security applications.
-
At a minimum, SIEM platforms should provide: alerts; anomalies detection; AI; behavior analytics; communications; continuous intelligence; forensic analysis; identity management; logging; machine learning; malware scanning; network health snapshots; notifications; risk mitigation; root cause analysis; security governance; security remediation; threat detection, intelligence, investigation, prioritization and response; unauthorized access detection; vulnerabilities management.
-
Research, testing, use, recommendation, specification and procurement of various SIEM platforms, such as: AlienVault USM; Blumira Automated Detection & Response; CyberMaxx Managed Detection and Response; Coralogix; Datadog; Elastic Security; EventSentry; FortiSIEM; Graylog; IBM Security QRadar; InsightIDR; Juniper Secure Analytics; Logsign Next-Gen SIEM; LogPoint; LogRhythm NextGen SIEM Platform; Logz.io; ManageEngine Log360; McAfee Enterprise Security Manager; Microsoft Sentinel; Netsurion Managed Threat Protection; OSSIM; SolarWinds Security Event Manager; Splunk Enterprise Security; Sumo Logic; Surelog; Vijilan.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Security Posture Management – SPM)
-
Security posture management (SPM) platforms are used by enterprises to ensure protection for complex, modern hybrid computing environments by continuously monitoring cloud applications, containers, hardware assets, infrastructure, services, software applications, and the like, to detect and remediate incorrectly enforced policies and misconfigurations, based on administrator-created rules.
-
At a minimum, SPM platforms should provide: alerts; anomalies detection and remediation; AI; automated threat detection and remediation; configuration management; logging; notifications; risk prioritization.
-
Research, testing, use, recommendation, specification and procurement of various SPM platforms, such as: Adaptive Shield SSPM; BMC Helix; C3M; Check Point; CloudGuard Posture Management; CrowdStrike Falcon Horizon; Cymulate; Ermetic; Fugue; Lacework; ManageEngine Applications Manager; Orca Security; Palo Alto Prisma; Rapid7; SaaS Security Posture Management; Skyhigh Security; Splunk; Sysdig Secure; Tenacity; Threat Stack; Trend Micro Hybrid; Turbot; Wiz; Zscaler.
Corporate Governance (Sarbanes-Oxley – SOx – Software – Vendor Risk Management – VRM)
-
Vendor risk management (VRM) software platforms are used to assess, identify, manage and monitor vendor risks for the enterprise, by centralizing enterprise vendor data and facilitating the vendor risk management lifecycle process.
-
At a minimum, VRM software platforms should provide: alerts; artificial intelligence (AI); business continuity planning; compliance management; criticality analytics; customization; due diligence; forms repository; identification and tracking of risk-positive entities; incident reporting; insurance monitoring; internal controls management; key performance indicator (KPI) scores management; machine learning (ML); managing service level agreements (SLAs); notifications; off-boarding management; on-boarding management; operations management; performance tracking; questionnaires management; residual risk analytics; risk identification processes; risk mapping; security posture management; security protocols maintenance; self-service portal; vendor audits; templates repository; vendor business profile management; vendor document management; vendor investigations; vendor management; vendor ratings management; vendor risk assessments; workflow management.
-
Procurement, recommendation, research, sourcing, specification, testing and use of various VRM software platforms, such as: 3rdRisk; Allgress; Aravo Third-Party Management; Archer Third Party Governance; BitSight Security Ratings Platform; Black Kite Cyber Risk Rating System; Brinqa Vendor Risk Management; BWise Vendor Risk Management; Censinet Third-Party Vendor Risk Management; Coupa BSM Platform; CyberGRX Exchange; CyberScore; FlentisPRO VMS; Fusion Framework System; Galvanize ThirdPartyBond; HighBond; Insight Risk Management Suite; Kissflow Procurement Cloud; LogicGate Risk Cloud; LogicManager; MetricStream Vendor Risk Management; NAVEX Lockpath; Ncontracts; OneTrust Third-Party Risk Management; OneTrust Vendorpedia; Openly Vendor Monitor; Onspring; Ostendio; Panorays; Prevalent Third-Party Risk Management; Privva Vendor Risk Management; ProcessBolt; ProcessUnity Vendor Risk Management; Quantivate Vendor Management Software; Resolver Vendor Risk Management; RiskRecon; SAI360 Third-Party Risk & Vendor Risk Management; SAP Fieldglass; SecurityScorecard Platform; Seemplicity; ServiceNow Vendor Risk Management; Software Secureframe; START VRM; Tradogram; TrustArc Vendor Risk Management; Tugboat Logic; UpGuard Vendor Risk; Vendora; VendorINSIGHT; VendorPoint; Venminder; Whistic; Worksuite.
-
Progress_Page_Last_Updated_221105_1308