The software category known as "governance, risk and compliance" ended 2009 pretty much where it began: still lacking a clear identity. Any apt description of GRC, in fact, remains tantamount to, as one industry insider puts it, "an academic definition of the word mess."
It is an open question whether the GRC umbrella - stretching over at least 20 substantially different "enterprise platforms" plus an immense array of more-focused products that address specific facets of GRC (often tailored for a specific industry's needs) - has any definition at all. "There's no arguing that from a buyer's perspective, 'GRC software' doesn't exist today," according to Ventana Research analyst Robert Kugel.
