IT governance, risk, and compliance (GRC) vendors continue to show strong technical and strategic advances, while the market itself still struggles to define its direction. A small set of vendors compete frequently against one another, some placing their bets on delivering breadth of functionality, some on quick time to value, some on flexibility, and some on consulting expertise — but rarely all of these at the same time. Forrester evaluated eight of the top vendors in the IT GRC space using 59 criteria, with RSA Archer, Agiliance, Rsam, Symantec, and Modulo all landing in the Leader category; Easy2Comply and ControlCase earning spots as Strong Performers; and ANXeBusiness coming in as a Contender.