| Fortune 500 | ||
| Client Profile | Areas of focus | Rsam Implementation |
|
Largest global entertainment and media enterprise |
Assessment » Application Assessment » Vendor Assessment Compliance » PCI Data Security Standard » Policy Exception Tracking Vulnerability Tracking |
The company implemented Rsam to conduct assessments of 1,000+ applications and vendors, and migrated data from their existing home-grown assessment tool. The assessment data was cross-referenced with the PCI DSS standards. The client uses Rsam to manage and track exceptions to policies and compliance areas, and to integrate vulnerability scan data with assessment data, to gain a complete overview of their security posture. |
| Global hospitality company with over 3,200 lodging properties located in the US and 66 other countries | Assessment » Application Assessment » Project Assessment » Risk Assessment Compliance » PCI Data Security Standard |
The company implemented a complete risk and application assessment process, from project initiation through accreditation and certification. The Rsam Compliance module enables PCI compliance data to be integrated within the assessment process and cross-referenced with PCI Data Security Standard requirements. |
| Largest global audit, assurance and consulting firm |
Enterprise Risk Management » 10+ corporate GRC use cases - Legal, CSR, etc. Assessment » Application Assessment » BCP Assessment Audit Automation » Onsite Audit Findings based on ISO 27000 | The organization's ERM group replaced a home-grown GRC tool with Rsam for their various GRC use cases across 100s of countries/territories. The Information Risk Group integrated data from the legacy system into Rsam for comprehensive assessments of application and business continuity processes, and related infrastructure elements within their network globally. Rsam for Audit Automation was implemented by the Audit |
| Global Federal Contractor |
Assessment » Application Assessment » ASP/Vendor Assessment Compliance » UCF Content Vulnerability Tracking |
The federal contractor implemented Rsam to support assessment of thousands of ASPs/vendors and applications, in addition to leveraging the UCF (Unified Compliance Framework) within Rsam for multi-regulatory compliance. In addition, Rsam integrates scan data from various vulnerability and CMDB solutions with the client's assessment data to gain improved visibility into their overall security posture. |
| One of the largest combination natural gas and electric utilities in the United States |
Assessment » Application Assessment » BCP Assessment Compliance » NERC Compliance » SOX (Sarbanes-Oxley) Vulnerability Tracking |
The client's internal Information Risk Group implemented Rsam for Application & BCP Assessments, demonstrating compliance with NERC, SOX controls testing, and Vulnerability Tracking for their Governance, Risk, and Compliance initiative. |
| Small-Medium Enterprises | ||
| Client Profile | Areas of focus | Rsam Implementation |
| Regional Bank |
Assessment » Application Assessment » Vendor Assessment Compliance » GLB Compliance » FFIEC |
The company implemented Rsam to conduct assessments of applications and vendors based on the FFIEC guidelines, and cross-referenced this information with GLB compliance. |
| Mid-size Hospital System |
Assessment » Application Assessment Compliance » HIPAA Security Rule |
The company implemented a complete risk and application assessment process and cross-referenced this information to demonstrate compliance with HIPAA Security rule. |
| Long-term care provider |
Incident Management |
The company implemented Rsam to automate their incident management and response process. Rsam's user-friendly interface, strong workflow, and reporting capabilities, allowed for quick implementation across a large number of non-technical users. |
| Mid-size global provider of financial and business information |
Policy Exception Tracking |
The company selected Rsam to replace their home-grown tool and automate their policy exception management program across multiple business units internationally. |
| Financial Services & Insurance Firms | ||
| Client Profile | Areas of focus | Rsam Implementation |
| One of the Largest US Banks providing Retail, Insurance and Brokerage Services. |
Assessment » Project Assessment » Application Assessment » Physical/Site Assessment » Vendor Assessment Compliance » GLBA/FFIEC Compliance » ISO 17799 |
This large US bank implemented Rsam for assessment of projects, applications, branches, and facilities. Rsam's Vendor Risk module created a quick and repeatable process to identify, assess, and manage risks associated with third-party vendors using the BITS content. This client is using Rsam to demonstrate compliance in accordance with GLBA (Gramm-Leach-Bliley Act) and FFIEC standards affecting financial services firms. |
| $20b Global Financial Services Provider with Commercial / Retail Banking, Credit Cards, Investment Banking and Wealth Management Services. |
Assessment » Application Assessment Compliance » SOX (Sarbanes-Oxley) » GLBA/FFIEC Compliance » Risk Register Various GRC initiatives |
Rsam enabled this global financial services provider to perform assessments of over 1,200 applications and to measure and manage compliance initiatives across multiple standards and regulations including SOX testing. Rsam is also currently being used for various GRC initiatives by the client to support both business and IT GRC processes. |
| Largest Provider of Financial Outsourcing Solutions |
Assessment » Application Assessment » Vendor Assessment Compliance » ISO 17799 Vulnerability Tracking |
Implementation included solutions for conducting comprehensive and repeatable application assessments, standards-based compliance management, and managing risks associated with third-party vendors. Rsam for Vulnerability Tracking enabled a process to filter and record appropriate vulnerability data from existing scanning devices and penetration tests, and automation of the entire vulnerability remediation management process. The client selected Rsam to replace their comprehensive home-grown solution that was in use / development for five years. |
| Federal, State, and City Agencies | ||
| Client Profile | Areas of focus | Rsam Implementation |
| Federal Financial System Regulator Agency |
Assessment » System Assessment » Threat Assessment Compliance » FISMA Certification & Accreditation » POA & M (Plan of Action and Milestones) Tracking |
The regulating agency implemented a comprehensive system risk and threat assessment program with a detailed control testing process. Rsam's FISMA Compliance module enables the client to complete the process of Certification and Accreditation of Systems for FISMA Compliance, and includes ongoing (POA & M) tracking, reporting and management at the control, system, and organizational level. |
| Largest Public Healthcare Provider |
Audit Automation Issues / Remediation Tracking |
The organization selected Rsam's Audit Automation solution to support their annual Security Audits of over 100 physical locations. The Rsam Issues / Remediation module's built-in e-mail notifications, customized dashboards and API integration enable enterprise-wide visibility of the central findings repository from audits, questionnaires, and scanners, and help develop and prioritize remediation strategies and action plans. |
| Federal Energy Conservation Regulator |
Assessment » Operator Self Assessment Compliance » Energy Regulations Issues / Remediation Tracking Vulnerability Tracking |
This energy regulating body implemented the Rsam Platform as an internet-facing system to support ongoing self-assessment of thousands of independent operators. The Rsam Compliance module allows them to ensure compliance with their energy regulations. The client's internal Information Risk Group implemented Rsam for Application Assessments, Issues / Remediation Tracking, Policy Exception Management, and Vulnerability Tracking for their Governance, Risk, and Compliance initiative. |
| Biotechnology, Health Services & Pharmaceuticals | ||
| Client Profile | Areas of focus | Rsam Implementation |
| Leading Healthcare Provider and among Largest Catholic Healthcare Systems in the US |
Assessment » Enterprise Systems Assessments Compliance » HIPAA Security Rule » PCI Data Security Standard |
Rsam enabled the organization to conduct ongoing assessments of 600+ Systems across 60+ hospital locations with detailed risk profiling. Rsam's Compliance module lends a consistent and repeatable process to support HIPAA Security and PCI Data Security Standards. |
| Large Global Diversified Healthcare Company, specializing in medical devices, pharmaceuticals and biotechnology |
Assessment » Systems Assessments Compliance » FDA Compliance |
The company implemented Rsam's Assessment and Compliance modules to automate their comprehensive systems assessments process. The highly-regulated nature of their business called for a strict change management and SDLC process. |
| Independent Licensee of Blue Cross Blue Shield serving nearly 3 million members |
Assessment » Application Assessment Compliance » HIPAA Security Rule Incident Management Various GRC initiatives |
This large healthcare provider leveraged the Rsam Platform to implement an enterprise-wide incident management program to conduct ongoing assessments of applications and business processes in support of HIPAA Security compliance regulations. The client integrated the Rsam platform with various enterprise-wide healthcare GRC initiatives. |
| Education | ||
| Client Profile | Areas of focus | Rsam Implementation |
| Top Ivy League University |
Assessment » Threat Assessment Audit Automation Compliance » HIPAA Security Rule |
The university implemented Rsam for Audit Automation to perform audits against internal systems and processes. A comprehensive application threat assessment program supports compliance of applications and systems in accordance with HIPAA regulations. |
| One of the largest private universities in the US |
Assessment » Information Risk Assessment Compliance » HIPAA Security Rule |
This university implemented Rsam Assessments and Compliance modules for establishing repeatable and ongoing assessment of their security risk in the areas of information, assets, and departments in accordance with HIPAA Security requirements. |
| Large nonprofit organization that develops, administers, and scores more than 50 million tests and educational assessments annually |
Assessment » Vendor Assessment Compliance » HIPAA Security Rule » PCI Data Security Standard Policy Exception Management |
The organization selected Rsam to support systems and third-party vendor assessments focused on PCI Data Security, HIPAA Security Rule, and internal compliance. With Rsam's Policy Exception module, the client is able to file online exception requests, approve/reject management recommendations, monitor expiration of approval requests, and report on the status of all outstanding exception requests. |
| Technology | ||
| Client Profile | Areas of focus | Rsam Implementation |
| $100b+ Global Manufacturer of personal computers and portable devices |
Assessment » Product Assessments Compliance » ISO 17799 » COBIT » SOX (Sarbanes-Oxley) » PCI Data Security Standard Vendor Risk Management |
The company implemented Rsam for comprehensive enterprise-wide product assessments. Rsam was critical in demonstrating compliance with converging requirements including ISO 17799, COBIT and SOX. The Vendor Risk module allows the client to conduct comprehensive and repeatable application assessments, manage standards-based compliance, and manage risks associated with third-party vendors. |
| $60b Global Provider of mobility, desktop PCs, software and peripherals, servers and networking, services, and storage. |
Assessment » Proprietary Application Assessments |
Implementation of the Rsam Platform involved migration of all existing risk and controls categories to support custom Application Risk Assessments based on the client's proprietary risk assessment methodology. |
| World's leading of major home appliances, with 70,000 employees and manufacturing and technology research centers internationally |
Assessment » Application Assessments » Data Assessments ERM Use Cases |
The company leveraged Rsam to integrate all their information repositories to conduct assessments based on their data classification standards. The client leveraged the platform's open and adaptable framework to automate multiple GRC business processes. |
| Telecommunications | ||
| Client Profile | Areas of focus | Rsam Implementation |
| $50b Leading provider of cable, entertainment and communications products and services |
Assessment » Line of Business Assessment Compliance » PCI Data Security Standard Audit Automation |
The client implemented Rsam's Assessment and Compliance modules to automate an enterprise-wide business line assessment program while seamlessly enabling compliance with Internal Audit guidelines and PCI Data Security Standards. |
|
$30b Cable Entertainment and Broadband Services provider with over 6 million customers and over 22,000 employees |
Assessment » Application Assessment Compliance » PCI Data Security Standard Vulnerability Tracking |
The company selected Rsam to enable conducting comprehensive and repeatable application assessments, and standards-based compliance management initiatives. The Vulnerability Tracking module filters and records appropriate vulnerability data from existing scanning devices, while automating the entire vulnerability remediation management process. |
| One of the largest IP network and hosting providers in the world |
Compliance » PCI Data Security Standard Vulnerability Tracking |
The company implemented Rsam to manage their PCI compliance assessment needs globally. Rsam's Vulnerability Tracking module enables them to track and manage vulnerabilities across thousands of hosts and managed-services clients. |