How to evaluate risk management solutions

Scrutinize any potential solution carefully before you make a commitment. After all, the point is to reduce risk, not to introduce new risk factors

Risk management is a sprawling initiative that requires a complex mix of technologies. So how should companies evaluate risk management solutions? Orchestria Vice President of Global Marketing Paul Johns recommends “five proofs” for any solution: 

Proof of precedent Who’s using the software? Due diligence chasing down customer references, preferably in your industry, is essential.

Proof of integration Can the vendor integrate with the systems you use and may use in the future — for example, data archives by both Symantec/Veritas and EMC, or just one? Can the vendor prove it with a working implementation, or does it just offer promises?

Proof of ROI Risk is not a one-hit wonder. Compliance must be sustained year in and year out. Will the solution bring down management costs and earn return on investment both now and in the future?

Proof of policy Can the technology help you implement, rather than merely document, detailed risk management policies? If so, using which technologies?

Proof of concept Can the technology scale up to handle your data and your policies? Don’t take anyone’s word for it. Run a large-scale pilot project before you buy.