Company: Agiliance, Sunnyvale, CA
Company Description: Agiliance is the leading independent provider of integrated solutions for Operational and Security Risk Intelligence. Agiliance is automating how Global 2000 companies and government agencies continuously monitor big data for risks across financial, operations, and IT domains to increase operational efficiency and orchestrate incident, threat, and vulnerability actions in real time.
Nomination Category: New Product & Service Categories - Software
Nomination Sub Category: New Product or Service of the Year - Software - Governance, Risk & Compliance Solution

Nomination Title: Agiliance RiskVision 7.5

Tell the story about this nominated product or service (up to 650 words). Describe its function, features, benefits, and performance to date:

Organizations are grappling to find the best way to leverage their knowledge of risk to optimize business investments and performance. Current risk management and governance practices are inadequate. Previously, organizations had two options. The first was to hire a legion of staffers to tackle governance and security risks using a silo-based approach, often leveraging antiquated tools such as spreadsheets to document their findings. The second was to implement Governance, Risk, and Compliance (GRC) processes using outside consultants and traditional GRC solutions that require high levels of customization.

A recent white paper written by global advisory firm Enterprise Strategy Group (ESG), entitled "Beyond GRC: SRM and the Move to Integrated Risk Management", found that a majority of respondents view the traditional mix of GRC systems as inflexible, slow, and incapable of delivering on the promise of automating governance and security risk management processes. A whopping 78 percent of the enterprises surveyed are in the process or planning to replace them with advanced Integrated Risk Management (IRM) platforms in order to increase operational efficiency and audit accuracy, streamline remediation, gain improved visibility into enterprise risk posture, and ultimately make better investment decisions.

RiskVision uniquely addresses operational and security risk management needs of organizations in a single platform by harmonizing multiple frameworks to marry top-down risk modeling for enterprise domains and regulatory audit compliance with bottom-up controls automation for closed-loop threat, vulnerability, and incident remediation. RiskVision creates a repeatable, sustainable compliance program by mapping controls to multiple regulations, standards, and processes including SOX, PCI, ISO, NIST, FFIEC, NERC, HIPAA, FISMA, etc. This enables organizations to "test-once and comply-to-many" regulations. Beyond the automation of the governance processes, RiskVision enables organizations to make risk visible, measurable, and actionable in near real time. This leads to better investment decisions and improved operational efficiency. In the last year, Agiliance made significant innovations to the RiskVision platform, introducing a new set of connectors and recently, in RiskVision 7.5 made it possible to mine petabytes of operational and security risk data to manage near real time workflow, intelligence, and analytics - further driving business impact and performance. RiskVision was selected over its competition by two global financial services firms funding mid seven-figure transformation projects for line of business, third-party, and application risks. Proof of concepts showed RiskVision's modern architecture was 10 to 25 times better in scalability and sustainability, with an ROI and solution success rate deemed best-in-class. Today, RiskVision is the only production solution managing over 10,000 practitioners and 1,400,000 assets.

One Agiliance customer, Fiserv, reports that it can produce a detailed risk profile that previously took six months using its old manual process in only three months with RiskVision. The older method required 7-10 more staff members and cost Fiserv an additional half-million dollars. With RiskVision, Fiserv achieved $1 million in overhead savings per year, and their enterprise risk management team has gained credibility with management, regulators, and the board of directors.

Agiliance has been granted four patents; six additional are pending – all of which are a reflection of the innovative character of the RiskVision platform. In turn, the company and its RiskVision earned 32 industry accolades in 2014 alone, including the Security Products Magazine's 2014 Govies Platinum Award, 2014 Cyber Defense Magazine Most Innovative InfoSec Award, Government Security News 2014 Homeland Security Award, 2014 International Business Awards Stevie Winner, 2014 American Business Awards Stevie Winner, and 5-Star Rating in 2014 SC Magazine's Risk and Policy Management Group Test. The 2014 Deloitte Fast 500 ranked Agiliance one of the top 20 fastest growing security software companies for the second year in a row and the analyst community (e.g., Gartner and Forrester Research) describes RiskVision as the leading product in its category.

In bullet-list form, briefly summarize up to ten (10) of the chief features and benefits of the nominated product or service (up to 150 words).

- Unsurpassed scale on multiple levels: 10,000 users at one account; 1.4 million assets managed at one account; 300 million daily control checks conducted at one account; 57 million vulnerabilities managed at one account; 20+ data sources aggregated and normalized at one account

- Industry's First NIST Cybersecurity Framework Content Pack and Best Practices

- Offers essential building blocks for sound cyber security practices in a single platform: continuous monitoring capabilities via data aggregation and correlation, cyber risk visualization and prioritization based on business criticality, closed-loop remediation to ensure effective and efficient mitigation, and in the worst case scenario allow for swift incident risk response

- Common Control Framework allows for cross-mapping of controls between regulations and frameworks to eliminate redundancy and enable "test-once and comply-to-many"