The offering addresses risk through four areas of management: compliance, internal control, audit and risk management. It brings in all the components of risk, including incident management, IT, operational, compliance management, business continuity planning, policy and vendor risk management.
The product is offered either as a software-as-a-service model using SAS 70-certified solution-hosting by one of the world's top service providers, or onsite/on-premise software.
The platform looked mature and is highly tuneable, supporting a number of integration points with a lot of evaluation capabilities. It is strong on usability, process and manageability. There is effective, real-time, "what-if" scenario analysis. Further, nonimplemented controls can be simulated, facilitating analysis of the results before making any final decisions. The dashboarding capability is strong, with detailed, compliance-level visualization by type, complete with drill-down into detailed and well-organized data. There is also a full audit log for tracking all aspects of the workflow within the system.