Educause Security Discussion mailing list archives
Re: Ballpark price on GRC licensing
From: "Carson, Larry" <larry.carson () UBC CA>
Date: Thu, 23 Feb 2012 22:23:15 +0000
Hi Teresa, In reviews we've done, with most of the vendors listed plus others not on your list, cost varied from $35K to about $150K for licensing but ranged as high as $250K. When you're looking at Enterprise licensing for unlimited seats it's typically in the $50K - $75K per module range and you generally need more than 1 module if you want any kind of risk register and survey-like input functionality. Once you're done with the licensing you'll want to look at implementation costs which usually adds $80K - $120K onto the cost: installation, customisation, use case scenarios, reporting, etc. All said and done the lowest cost we saw was about $75K for licensing plus implementation and the highest was $250K; I should qualify that by saying "for products that met our needs". BTW I took a look at the Educause resource page that Valerie listed below. It's a really good resource and I was happy to see that it touched on the differences between IT GRC and Enterprise GRC - similar but slightly different animals; the Enterprise GRC becomes really important when looking at a more holistic programme where information may be shared between Enterprise Risk Management, Information Security, PCI-DSS compliance, Internal Audit, VPs and any other risk management/compliance groups. Regards, Larry Carson Associate Director, Information Security Management, UBC From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel Sent: February-23-12 2:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Ballpark price on GRC licensing Teresa, The EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC) recently developed a GRC FAQ: https://wiki.internet2.edu/confluence/display/itsg2/GRC+FAQ Although it does not provide pricing information, the FAQ offers tips and advice from several institutions who have recently gone through (or are going through) the process of selecting a GRC system. Thank you, Valerie _______________ Valerie M. Vogel Program Manager, EDUCAUSE office: (202) 331-5374 e-mail: vvogel () educause edu _______________ Follow us on Twitter! @HEISCouncil <http://twitter.com/#!/HEISCouncil> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Banks, Teresa E - (tbanks) Sent: Thursday, February 23, 2012 12:28 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Ballpark price on GRC licensing We are interested in exploring the cost of purchasing GRC licensing. The vendors that we are considering are Archer, BWise, and Metric Stream. Does anyone have any information on this? Thanks for any information you can provide. Teresa Teresa E. Banks Senior Program Coordinator University Information Security Office University of Arizona 1077 North Highland Avenue P. O. Box 210073 Tucson, AZ 85721-0073 tbanks () email arizona edu http://security.arizona.edu Phone: (520) 621-UISO (8476)
Attachment:
smime.p7s
Description:
Current thread:
- Ballpark price on GRC licensing Banks, Teresa E - (tbanks) (Feb 23)
- Re: Ballpark price on GRC licensing Valerie Vogel (Feb 23)
- Re: Ballpark price on GRC licensing Carson, Larry (Feb 23)
- Re: Ballpark price on GRC licensing Valerie Vogel (Feb 23)