Showing 1-20 of 79 products
LogicGate is a cloud-based governance, risk management and compliance (GRC) solution. It is suitable for businesses of all sizes in financial services, pharmaceuticals, life sciences, health care, energy, retail and education industries.... Read more
MasterControl Quality Management System (QMS)
MasterControl Quality Management System (QMS)
MasterControl QMS is an integrated quality management system that can be installed on-premise or accessed through the web. It is suited for businesses of any size and a multitude of industries including agriculture, lumber, industrial... Read more
AuditBoard is a cloud-based company that provides SOX (Sarbanes Oxley Act) audit management software. The solution allows users to collaborate, manage, analyze, and report on internal controls data in real time. It offers a suite of... Read more
RegulatoryOne is cloud-based regulatory information management solution that helps firms ensure that their products maintain compliance norms in the local market. It is primarily designed to assist multinational organizations follow... Read more
SiteDocs is a cloud-based audit management solution designed for businesses of multiple sizes in the construction and maintenance industries. Users can run their safety programs through mobile apps and web browsers. Key features include... Read more
ZenGRC is a cloud-based and on-premise governance, risk and compliance (GRC) management solution. It serves businesses of all sizes in any industry, including technology, retail, consumer goods, health care and finance. Primary features... Read more
Procipient is a SaaS platform, which helps users manage business risks. With a pre-built business risk framework, it overcomes the complexities thrown by ERM-GRC platforms. The interface is equipped with reporting features and role-based... Read more
Diligent Entities software is developed to help enterprises integrate their commercial data and simplify operations to achieve compliance goals. It improves business efficiency and supervises internal work groups for better information... Read more
NAVEX Global is a cloud-based solution that helps small to large businesses identify, assess and mitigate various types of risks including harassment, bribery, conflicts of interest and data security. It enables users to automate processes... Read more
PolicyTech is a policy and procedure management solution from NAVEX Global that is suitable for all industries including healthcare, financial services, manufacturing, retail, government, energy and law enforcement. PolicyTech offers... Read more
Standard Fusion is a cloud-based compliance management solution that is designed for industries such as healthcare, technology, manufacturing, government and retail. Key features include control management, control monitoring and policy... Read more
Promapp is a cloud-based process management and compliance solution that enables large and midsize businesses to create and share process knowledge using a centralized repository. The solution is suitable for various industries including... Read more
Netwrix Auditor is a security solution that allows administrators to manage server log files, security events and syslogs across the company network. The solution alerts administrators in real time on critical events. It allows administrators... Read more
Medfiles.OHS is a cloud-based compliance management solution that helps businesses of all sizes track and manage incidents within the organization. It provides several modules, including drug screening, medical surveillance and OSHA... Read more
DSRAZOR for Windows
DSRAZOR for Windows
DSRAZOR for Windows provides security access management solutions to organizations of all sizes to help them minimize costs and challenge regarding internal security. DSRAZOR for Windows offers file permission recording, active directory... Read more
SafetySync is a cloud-based occupational health and safety management system that helps organizations monitor risks, train employees and keep up to date with compliance regulations. It is suitable for businesses of all sizes in a range... Read more
i-Sight is a cloud-based compliance management solution that helps businesses of all sizes implement workflows, analyze results, spot trends, assess training gaps and monitor risks. It includes notifications and alerts to help manage... Read more
ManageEngine ADAudit Plus
ManageEngine ADAudit Plus
ADAudit Plus by ManageEngine is an on-premise auditing solution. Key features include tools that allow users to audit active directories, login and logoff records, file servers and Windows server data. Users can monitor and generate... Read more
Assignar is a cloud-based construction management solution suitable for businesses in a variety of industries. Key features include timesheets, custom forms, inspections, scheduling, compliance management, invoicing and payroll. Workers... Read more
LiveFile 360 is a cloud-based document management platform that helps financial firms manage compliance and confidentiality across client files. With an encrypted, locked-down file system, it enables businesses to secure databases... Read more
What is Compliance Management software?
Compliance management software is a program used to continually track, monitor, and audit whether business processes are aligned with applicable laws, organizational policies, and the standards of consumers and business partners.
Of course, a corporate compliance program goes far beyond software, and businesses in certain industries may not even need software to manage compliance requirements. However, large businesses and organizations in sensitive industries (pharmaceutical manufacturing, financial services etc.) generally benefit from an approach to compliance issues that’s partially automated by software.
Compliance management functionality can be found in various types of software. We’ll help you understand your options, so you can make the right choice for your specific business model and industry.
Here’s what we’ll cover:
Which Types of Software Help With Compliance Management?
There are essentially three kinds of compliance management software (also known as corporate compliance and oversight tools) on the market:
- All-purpose compliance management platforms
- Industry-specific compliance management tools
- Governance, risk and compliance (GRC) software
Industry-specific tools help businesses in heavily regulated industries (health care, industrial manufacturing, financial services etc.) meet specific legislative and commercial requirements.
GRC platforms include generic compliance management features alongside a broader set of capabilities for risk management and corporate governance (for instance, IT risk management, business continuity planning, and legal management). Sample vendors include Enablon.
In this buyer’s guide, we’ll focus on all-purpose compliance management platforms as well as GRC platforms. Industry-specific tools are so niche in functionality that your specific business model will significantly whittle down your shortlist of vendors.
What Is the Core Functionality of Compliance Software?
Compliance software covers a huge range of business processes, regulations and industry needs. It’s no surprise that platforms are highly diverse in their functionality.
Compliance doesn’t stop at industry regulations and standards (OSHA, ISO etc.). Corporate ethics policies, acceptable use policies, and even business partner policies can all pose compliance issues. For instance, Wal-Mart suppliers have to meet a number of stringent standards that suppliers of many other major retailers don’t have to bother with.
Let’s therefore zoom in on the most important components of a compliance management system:
|Policy management and compliance registry||Policy authoring and approval workflows, version control, etc. Policies are documented in a global registry that maps applicable regulations to policies.|
|Controls monitoring||Workflow engine enables business units to attest compliance with policies and regulations. Controls are documented in a centralized catalog, and standardized workflows allow for a controlled incident escalation process.|
|Compliance reporting||Enables visibility into violations and noncompliant facilities at various levels of aggregation via dashboards and scheduled reports. Some solutions also support continuous monitoring of KPIs related to sensitive business processes for compliance issues.|
|Audit management||Systematic workflows, case management and reporting features for investigating and resolving compliance issues. Some solutions also support real-time field reporting for audits.|
|Regulatory intelligence and change management||Tracks RSS and XML feeds of regulatory information and alerts published by standards bodies and government organizations. Feeds can then be mapped to existing policies. Some providers also have legal teams that compile knowledge bases of international regulations.|
|E-learning for compliance training||Generic and customizable online courses for training employees on how to comply with policies.|
|Survey tools||Survey modules allow organizations to distribute self-assessments to employees.|
|Conflicts management||Tools for monitoring potential conflicts of interest (employee gifts, employee trading etc.)|
|Fraud management||Risk management features allow for detection of patterns indicating fraudulent activity in financial statements, vendor payments etc. Controls can also be tested for efficacy in preventing fraud, and “whistleblower” hotlines and web forms allow employees to act as a front line of defense.|
|Multilingual interfaces||Interfaces are available for employees who don’t speak English.|
Aside from these specific features, the advisory firm Gartner notes in their “Market Guide for Corporate Compliance and Oversight Solutions” that one of the most important functions of compliance software is aggregation: “The huge number of global legal, regulatory and administrative requirements and the variety of standards, guidelines and frameworks require compliance managers to merge and normalize mapping of requirements to controls and other compliance activities.” (The full report is available to Gartner clients.)
This is obviously a daunting policy management challenge that compliance software partially addresses through automation.
Which Compliance Areas Do All-Purpose Solutions Cover?
In addition to basic requirements, such as employee codes of conduct, GRC platforms and all-purpose compliance management, software solutions typically cover the following compliance areas:
- Model Audit Rule
- Foreign Corrupt Practices Act
- Bank Secrecy Act
- Gramm–Leach–Bliley Act
Industry-specific standards bodies and regulatory agencies
- Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Many providers offer out-of-the-box support for dozens of other standards, but if your organization operates in a heavily regulated industry, the first step in your search should be evaluating industry-specific solutions.
Key Considerations for Buyers
We’ve seen that the landscape of compliance management vendors remains highly fragmented due to the diverse nature of compliance requirements. Keeping the following considerations in mind will help you evaluate vendors to build an effective shortlist:
- How much risk management functionality do you need? Risk management and compliance management frequently go hand-in-hand, and many providers offer integrated solutions that can identify compliance risks.
- Does your business operate in an industry where continuity planning is necessary? Typically, vendors that handle compliance management also offer business continuity management. Manufacturers, large retailers and other organizations with complex supply chains, as well as organizations that operate in politically and economically unstable regions, can benefit from consolidating these requirements in a single platform.
- To what extent does the IT department factor into compliance requirements? IT compliance is, to some extent, its own beast. Not all vendors offer equal coverage when it comes to IT compliance—look for vendors offering out-of-the-box support for frameworks like Control Objectives for Information and Related Technologies (COBIT).