The GRC industry in many ways was built on large company deployments. The big firms faced the most regulatory risk and were the prime opportunities early on. But medium- and small-size companies face a lot of regulatory risk as well, despite the Sarbanes-Oxley 404(b) reprieve they won via Dodd-Frank. And more GRC vendors are starting to target smaller companies with a variety of offerings, including more SaaS options.

For example, eGestalt recently rolled out SecureGRC SB, a patent-pending Cloud computing Saas application that helps to meet HIPAA and HITECH privacy and security rules aimed at small practices. "Small businesses need a cheap way to deal with HIPAA/HITECH compliance before they get slapped with fines. The only way is to go to the Cloud with a SaaS delivery model," says Anupam Sahai, president of the Santa Clara, Calif.-based vendor.

The company is offering the solution for just $500--which it hopes will prove to be a more than tempting price point. From there, eGestalt can upsell the clients on a host of other solutions.

The time may be right for small company sales initiatives. The economy is recovering and investment may soon follow. This amounts to a good marketing environment.

For more:
- here's the release

Related Articles:
Small companies rethinking approach to GRC
Regulatory explosion bodes well for GRC
Case study: Going beyond financials with GRC