Once we managed to gather together all the departments to work on TRAC everyone saw the benefits of this kind of risk management/Vendor Management/ERM software.

It is mathematically based, utilizing information garnered from hundreds of other financial institutions. Once you decide on the basics - giving everything a rating from 1 to 5 the mathematics show you exactly what is more important and where to focus your time and money.

The software is wonderful - getting the buy-in from staff can be difficult.

Overall, I have saved HOURS of time utilizing TRAC. It allows us to manage our contracts and risk audits so much easier and do more than what the regulators are requiring. This enables us to keep our ducks in a row much easier.

The useability of TRAC makes my life so much easier. Before choosing TRAC, I tested multiple solutions ranging from cheap to super expensive. Those systems tested were decent, but TRAC was designed in my opinion with the end user in mind. I feel if I would sit down and design a system today, this is how I would have designed it. Since their company also does outside security audits for financial instructions, I feel it keeps TRAC current with what regulators are requiring.

I understand why they offer separate TRAC modules, but I wish they offered better pricing for existing customers. Even better if I use them for my 3rd party security IT audits, it would be nice to be able to purchase TRAC inclusive package for a discounted flat fee.

It gets the job done for my needs.

Solves most of my compliance needs with regulators for vendor management, IT risk assessment. I do not use the other modules as we have other products.

Like all vendors, there are flaws and annoying issues that should be resolved. SBSCyber does resolve most items provided to support. There is an active development in the product(s) and an end user group that meets annually.

I see two main benefits from TRAC. 1) It is way easier than maintaining the spreadsheet based risk assessments we used originally. We didn't know if our examiners were going to agree with our assessments, whether it was the level of risk or the value of mitigations. This way we can rely on an expert opinion for those facts, and save a TON of time on the assessments themselves. 2) It helps us to see where our dollars will have the largest impact. We can use the planned control option to see how much a new logging system might move the needle on risk across the board.

I would like to get raw data out of it, so we can analyze and report on it ourselves without using their tooling. It would also be nice to have a backup of our own.

TRAC provides easy to use and up to date tools to help automate and assist an organization in the implementation of their information security program.

TRAC's IT Assets, Vendor, and Business Continuity modules provide a straightforward and consistent method to conduct risk assessments for these activities plus it generates reports and review schedules. You can easily document references and add notes to each item in the modules. The Information Security Program (ISP) module is a customizable tool that generates polices and maintains a review schedule.

I would like to see more customization options for the vendor management module, especially for vendor selection. Vendors provide diverse products and services to banks. Some vendors do not provide services or products that apply to a strict safe guarding regulatory approach to vetting or managing a vendor. For non-bank transaction centric vendors, banks still have needs to manage these vendors which TRAC is capable of handling.