Diligent One Platform (formerly Highbond) Reviews

The primary use case of the solution is analytics.

The most valuable feature is automation.

The solution has storyboards that allow us to create different dashboards.

Analytics such as ACO are good features. 

The report model was our main concern. I believe currently the solution uses a third party for the reporting. As part of a consulting firm, one of the challenges we face is the difficulty in producing reports that meet the expectations of our clients and customers. It would be beneficial if the focus could be shifted toward improving the reporting aspect. The impact report is a crucial aspect, as we only have one opportunity to create it. Galvanize HighBond can improve by generating more impact reports post-project, and allowing access to the reports using a web version, which would greatly benefit us.

The cost of the solution is expensive and needs improvement.

I have been using the solution for two months.

The solution can be deployed on-prem and in the cloud.

I give the stability a nine out of ten. I've never experienced any problems.

I give the solution an eight out of ten for scalability. There is room for improvement.

Technical support is available 24 hours seven days a week. The response time is good.

The biggest challenge lies in my limited knowledge regarding the strategy and compliance map. These concepts seem overwhelming and complex, making it challenging to comprehend the cloud aspect of building compliance, mapping controls, and executing API projects. There is a dire need for clear and concise guidelines to aid new learners in quickly grasping these concepts. However, the automation aspect is much simpler to use.

The time to deploy depends on the requirements of the client. Some of the deployments can take several months.

The implementation is completed in-house.

Regarding pricing, we are located in Africa where economic instability prevails and our currency continues to lose value due to inflation. The cost of the solution is high.  I give the cost of the solution a six out of ten.

I give the solution a seven out of ten.

The number of people needed for deployment and maintenance depends on the client's requirements. The larger the requirements the more people we require.

I recommend the solution to others.

GRC & IRM (integrated risk management). We use it for Assessments, Vendor Risk, and Threat and Vuln Management.

We have far more visibility into our compliance, risks and controls, etc. over the areas we are managing vs accepting risk.

Rsam has also been extremely helpful with the annual audits we receive from our regulators.

We used another tool before (Archer) but it was too cumbersome to manage. Rsam just requires a single administrator and is far easier to integrate.

We have used Rsam's out-of-the-box modules for:

• Vendor Risk Management
• Application Assessments
• Vulnerability Management
• Control Testing
• Incident Response
• Policy Management

We have also built our own modules using their slick application-building features for:

• Access Provisioning
• Advanced Threat Detection
• Custom Surveys

The most valuable feature is the management of risk & compliance data across the application. Searching, dashboarding, reporting and metrics (KRI / KPI) are quick and easy. Workflow and decision support is very clean and very dynamic.

Last time I said "Multilingual would be nice, and an update to their questionnaire interface.".. looks like in 9.2 they have this now. I have yet to try it.

We have encountered occasional stability issues, though they are quick to patch.

We have not encountered any scalability issues. That was an issue with our Archer implementation (about the 2 million record mark). Rsam with its indexing feature has us at 10 million with no issues.

Customer Service:

Customer service is excellent.

Technical Support:

Technical support is excellent.

We previously used Archer... but we had a lot of trouble with maintenance (required three administrators and lots of consulting to manage). We also ran into performance issues when we hit the 1-2 million record mark. We still have Archer for one group (because they spent millions on services and don't want to lose that effort), but everyone else is now Rsam.

GRC does require some planning / attention to detail. I would say Rsam was far easier than our Archer implementation... but it still had some complexities in deciding on organizational structure and workflow.

An Rsam team helped us with our first two modules, and we did the rest (including our own custom modules).

We went from three admins down to one... and millions in consulting down to about 60K.

For us, we found end-of-quarter motivation was helpful in negotiations. They are already reasonable compared to others because it doesn't require a lot of services. Some of the other products were cheaper for the software, but the total cost-of-ownership is very high.

• Archer (Our tool we were replacing.)
• 
  MetricStream (They are COMPLETELY CUSTOM builds for everything... not manageable.)
• LockPath (Company is too small / not easy to deal with. They have like four developers in the entire company.)

Rsam is a good solution... but make sure you have a good admin as well... A good admin is key to making a GRC solution work well (and you cant have ours). :)

• Vendor Risk Module & Vulnerability Management Module


• Flexibility of the platform


• Drag-and drop reporting


• Offline decision making

We used to use Archer, and switched to Rsam. In one year we were able to accomplish what we could not in our 3 year Archer contract. And we did it with 1/2 the consulting services and 1/3 the administrators. 

On a personal note, my team was feeling like we were going to get fired with so many Archer issues, but the Board received so much feedback on other failed Archer implementations that they gave us a shot to move on. I'm extremely happy we moved to Rsam.

While they don't need as much consulting to get the product implemented, I do wish they had more available. Need to schedule things in advanced, I would prefer more on-demand consulting.