Re: Ballpark price on GRC licensing

["Carson, Larry" <larry.carson () UBC CA>]

Hi Teresa,

 

In reviews we've done, with most of the vendors listed plus others not on
your list, cost varied from $35K to about $150K for licensing but ranged as
high as $250K. When you're looking at Enterprise licensing for unlimited
seats it's typically in the $50K - $75K per module range and you generally
need more than 1 module if you want any kind of risk register and
survey-like input functionality. Once you're done with the licensing you'll
want to look at implementation costs which usually adds $80K - $120K onto
the cost: installation, customisation, use case scenarios, reporting, etc.
All said and done the lowest cost we saw was about $75K for licensing plus
implementation and the highest was $250K; I should qualify that by saying
"for products that met our needs".

 

BTW I took a look at the Educause resource page that Valerie listed below.
It's a really good resource and I was happy to see that it touched on the
differences between IT GRC and Enterprise GRC - similar but slightly
different animals; the Enterprise GRC becomes really important when looking
at a more holistic programme where information may be shared between
Enterprise Risk Management, Information Security, PCI-DSS compliance,
Internal Audit, VPs and any other risk management/compliance groups.

 

 

Regards,
Larry Carson
Associate Director, Information Security Management, UBC

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel
Sent: February-23-12 2:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Ballpark price on GRC licensing

 

Teresa,

The EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC)
recently developed a GRC FAQ:
https://wiki.internet2.edu/confluence/display/itsg2/GRC+FAQ

 

Although it does not provide pricing information, the FAQ offers tips and
advice from several institutions who have recently gone through (or are
going through) the process of selecting a GRC system.

 

Thank you,

Valerie

_______________

 

Valerie M. Vogel

Program Manager, EDUCAUSE

office: (202) 331-5374

e-mail: vvogel () educause edu

_______________

 

Follow us on Twitter! @HEISCouncil <http://twitter.com/#!/HEISCouncil> 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Banks, Teresa E -
(tbanks)
Sent: Thursday, February 23, 2012 12:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ballpark price on GRC licensing

 

We are interested in exploring the cost of purchasing GRC licensing.  The
vendors that we are considering are Archer, BWise, and Metric Stream.  Does
anyone have any information on this?   Thanks for any information you can
provide.

 

Teresa

 

Teresa E. Banks

Senior Program Coordinator

University Information Security Office

University of Arizona

1077 North Highland Avenue

P. O. Box 210073

Tucson, AZ  85721-0073

tbanks () email arizona edu

http://security.arizona.edu

Phone:  (520) 621-UISO (8476)

Attachment: smime.p7s
Description: