Wave Report
The Forrester Wave™: Third-Party Risk Management Platforms, Q1 2024
The 13 Providers That Matter Most And How They Stack Up
February 26, 2024
Alla Valente
with Amy DeMartine, Caroline Provost, Peter Harrison


Summary
In our 24-criterion evaluation of third-party risk management (TPRM) platform
providers, we identified the 13 most significant ones and researched, analyzed,
and scored them. This report shows how each provider measures up and helps risk,
security, and compliance professionals select the right one for their needs.


TPRM Platforms Clear The Path For Innovation And Business Growth
While organizations accept TPRM as an aspect of their risk management process,
it has historically lacked the visibility, prioritization, and executive support
of other risk domains. However, the frequency and magnitude of third-party risk
events are finally gaining the attention of senior executives and boards of
directors for all the wrong reasons. In 2023 alone, a third-party software
vulnerability, MOVEit, impacted more than 2,600 organizations and counting; the
implications of war disrupted global supply chains yet again; and regulators
were not shy about penalizing organizations that failed to provide adequate
oversight of their third parties.
Yet, third parties continue to be essential for financial growth, customer
experience, and innovation — including AI, which enters organizations by way of
foundation models, pretrained data, and open-source LLMs acquired from third
parties. TPRM is shifting from a nice-to-have tool for compliance checks and
onboarding automation to a must-have technology for leveraging the benefits of
third-party relationships without creating undue risk to the organization,
complete with new AI-enabled use cases and the ability to support the entire
lifecycle of a third-party relationship.
As a result of these trends, TPRM customers should look for providers that:
   
 * Scale by blending screening with risk assessment. Third-party ecosystems are
   only getting bigger and placing additional pressure on TPRM teams to keep up
   with the volume of assessments and monitoring required for a holistic TPRM
   program. Although speed is critical, vendors that calculate risk by
   aggregating external data points and market intelligence without applying
   assessment data lack the business context to be meaningful. Similarly,
   vendors that only provide questionnaire-based assessments can’t scale or
   support ongoing monitoring efforts. Differentiated vendors address assessment
   fatigue without compromising accuracy by blending screening data and dynamic
   assessment automation with AI-based features to enrich, validate, and
   continuously monitor changes in third parties’ risk profiles.
 * Create seamless flow from risk identification to risk response. Even the most
   successful risk identification process will have little to no impact on
   lowering third-party risk if the results are never acted upon. It’s the speed
   and quality of risk response that will lead to positive outcomes and
   determine TPRM program success. Capabilities that connect risk intelligence
   with risk response set the vendors in this market apart. On-par vendors use
   advanced automation to log issues and launch corrective action plans when
   specific thresholds are exceeded — or during predefined events such as a
   breach. However, differentiated vendors take it one step further to recommend
   specific remediation plans based on third parties’ profiles, risk event
   details, or historical success of the remediation plan.
 * Focus on usability for third parties and internal stakeholders. TPRM
   platforms that lack usability will fail to gain the level of adoption
   required for program success and will ultimately be replaced by TPRM
   platforms that are easy to use. According to reference customers, ease of use
   influences TPRM buying decisions more than breadth of capabilities, executive
   support, or price. Savvy vendors provide a high degree of usability while
   balancing the needs and expectations of a range of users, including
   administrators, analysts, business users, executives, and third parties. Once
   considered the pinnacle of usability, personalized dashboards along with
   role-based UIs are no longer sufficient to keep users expeditiously moving
   through the assigned tasks. Vendors with superior usability meet WCAG 2.1 UI
   accessibility standards, have an interactive chatbot to answer questions and
   guide users through the process, and offer a mobile app. For third parties, a
   dedicated portal that allows them to complete assessments, provide evidence,
   identify issues, share ideas, and collaborate directly with TPRM pros makes
   the process less painful and more collaborative.

Evaluation Summary
The Forrester Wave™ evaluation highlights Leaders, Strong Performers,
Contenders, and Challengers. It’s an assessment of the top vendors in the
market; it doesn’t represent the entire vendor landscape. You’ll find more
information about this market in the following reports.
 * The Third-Party Risk Management Platforms Landscape, Q4 2023
 * Cybersecurity Risk Ratings Remain A Valuable Piece Of The Third-Party Risk
   Puzzle
 * The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q4 2023
We intend this evaluation to be a starting point only and encourage clients to
view product evaluations and adapt criteria weightings using the Excel-based
vendor comparison tool (see Figures 1 and 2). Click the link at the beginning of
this report on Forrester.com to download the tool.
Figure 1
Forrester Wave™: Third-Party Risk Management Platforms, Q1 2024
Figure 2
Forrester Wave™: Third-Party Risk Management Platforms Scorecard, Q1 2024
Vendor Offerings
Forrester evaluated the offerings listed below (see Figure 3).
Figure 3
Evaluated Vendors And Product Information
Vendor Profiles
Our analysis uncovered the following strengths and weaknesses of individual
vendors.
Leaders
   
 * ProcessUnity overhauls strategy and innovation to shed its “legacy” moniker.
   ProcessUnity is a mature product, but to call it a legacy tool ignores a
   differentiated roadmap, commitment to innovation, and the strongest overall
   feedback from reference customers. With its CyberGRX acquisition, the vendor
   blends a mature solution and sophisticated automation with a global exchange
   and AI-driven due diligence and monitoring. The approach is risk based,
   begins with data, prioritizes reducing questionnaire fatigue, and leverages
   AI to augment resource constraints. Innovation includes an AI Policy
   Evaluator to score policy evidence for relevance to a risk framework. Its
   base implementation for low-maturity customers offers out-of-the-box
   features, data loading, and online training at no additional cost.
   ProcessUnity boasts high adoption but would benefit from more engagement with
   the customer community.
   
   ProcessUnity is known for flexibility to support sophisticated processes.
   With its new WCAG 2.1-compliant UI, integration with the Global Risk
   Exchange, and library of “automated actions” to move workflow without human
   intervention, the platform now supports TPRM teams at all stages of maturity.
   Strong risk-response capabilities include automated creation of issues when
   ratings change and preconfigured dashboards that prioritize and track
   remediation schedules. A customer-branded portal for third parties
   facilitates collaboration and is localized to their native language, and
   role-based dashboards can aggregate risk at the enterprise level, segment by
   risk domain, and drill down into the service level. Reference customers gave
   high marks for configurability, interoperability, and usability, but they
   noted the need for more AI features. ProcessUnity is a good fit for buyers
   seeking a comprehensive solution across all risk domains.
 * MetricStream addresses CX challenges and orients strategy around cognitive
   innovation. MetricStream’s efforts to improve inconsistencies in customer
   experience and support have paid off. The innovation strategy is driven by
   the goal of enhancing customer value, adoption, and experience. It’s
   supported by a diverse partner ecosystem, an active customer community, and
   supporting services such as enhanced due diligence, benchmarking, and
   evidence validation delivered by in-house teams and partners. The roadmap
   includes unique features, such as third-party risk quantification, autonomous
   assessment, and AI-based risk treatment, but is out of step with customer
   maturity; the vendor reported that a low percentage of customers currently
   leverage its many sophisticated features. MetricStream relies heavily on
   partners for implementation, and all configuration comes at an additional
   cost.
   
   MetricStream offers TPRM as a module within its governance, risk, and
   compliance (GRC) platform. It stands out for strong configurability backed by
   its low-code platform and supports multiple risk-response strategies,
   including acceptance, remediation, and transfer based on risk appetite and
   preset tolerance level. Features to support the third-party risk lifecycle
   are robust but require more configuration than others we evaluated. Usability
   is backed by a native mobile app and e-learning, but reference customers call
   out its lack of finesse and point to more out-of-the-box views and reporting
   options as areas to prioritize on the roadmap. References also give the
   vendor high marks for quality of support and responsiveness but point to
   limited out-of-the-box capabilities that impact the time to value.
   MetricStream is a good fit for buyers looking to consolidate on a single
   platform and those with the need, budget, and patience for the customization
   journey.
 * ServiceNow expands beyond IT vendor risk and connects key stakeholders.
   ServiceNow takes a broad view of third-party risk that encompasses all
   external entities, including customers. Its strategy builds on the success of
   its vast suite of products to weave third-party risk management into business
   priorities and connect key stakeholders across the organization around the
   TPRM lifecycle. The strong vision is supported by an expansive partner
   ecosystem that has built a library of certified applications, content, and
   integrations available for purchase in the ServiceNow Store and a highly
   engaged customer community. Its pricing model is opaque with upcharges for
   features that come standard in other products. Implementation is primarily
   managed by partners, which drives up costs and can lead to implementation
   complexity. Reference customers expressed the need for better, more readily
   available training materials.
   
   Among ServiceNow’s strengths are strong features to communicate and
   collaborate on risk internally and with third parties. Persona-based
   workspaces enable multiple internal stakeholders to work on an assessment
   concurrently. A customer-branded portal offers third parties multilingual
   support, a chat feature, and the ability to comment directly within the
   question. Risk can be aggregated enterprisewide, segmented by risk domain,
   and viewed by geographical concentrations. Native conditional logic
   progresses workflow, but AI-driven workflows come at an additional cost. The
   vendor did not demonstrate monitoring capabilities. Reference customers cited
   the UI as an area for improvement and requested more AI features bundled into
   the product. ServiceNow is a good fit for enterprises using its other
   products and those without budget constraints.

Strong Performers
   
 * Aravo sets its sights on AI, but UI and integration require more immediate
   attention. Aravo goes to market with a comprehensive platform, available in
   39 languages, that supports all stages of the TPRM lifecycle. The vendor
   primarily targets procurement, risk, and compliance at enterprise
   organizations with prepackaged solutions to guide customers through the
   maturity journey supplemented by program metrics, benchmark data, and a range
   of data and resources to fuel adoption. Services are used for quality
   assurance and benchmarking plus on-demand resource augmentation for midmarket
   customers. Aravo’s vision to ease assessment fatigue is supported by an
   aggressive roadmap. Except for a mitigation library for standardized
   corrective action by risk domains, most of the roadmap is either on par or
   lists capabilities already present in the market. Execution on its AI-centric
   innovation strategy could hit a snag as customers await new non-AI features
   from the backlog, which reference customers note are slow to occur.
   
   Aravo’s end-to-end offering has several unique features, including role-based
   personalization of the third-party inventory and a customer-branded vendor
   portal with Zoom integration for communication and collaboration with third
   parties. Preconfigured offboarding workflow sends notice of termination to
   appropriate stakeholders, captures attestation of data privacy and records
   destruction requirements, and documents end-of-contract evaluations.
   Autodiscovery of unknown fourth parties and the ability for third parties to
   receive questionnaires in the language of their choice are unique features.
   Reference customers requested a better and more customizable UI and noted
   that integrations required manual effort despite recurring configuration.
   They also asked for improved workflow, reporting, implementation services,
   and responsiveness to feature requests. Firms seeking a more structured
   approach to TPRM should consider Aravo.
 * Archer vastly improves strategy and innovation, but legacy features hamper
   execution. Archer’s 2023 acquisition by private equity firm Cinven provides a
   new strategic direction and focus for third-party risk. Archer’s strong
   vision is clear: TPRM must scale, encompass nontraditional entities, and
   engage business users with limited risk experience. Archer now appears keen
   to invest in innovation and a fresh roadmap that includes integration with
   Mapbox for asset visualization and projected features that would overlay it
   with real-time events, geofencing, and ESG data; connect to the AWS service
   catalog; and add major enhancements that would turn the Archer Exchange into
   a self-service hub for third parties. However, Archer has not yet addressed
   its opaque pricing model; its strategy to improve adoption is through
   configuration; and customers are slow to migrate to its SaaS platform, where
   new features are available.
   
   The Archer platform is configurable and versatile, and it can quickly adapt
   to market changes. Strengths include multidimensional assessment that
   supports third-party risk evaluation and analysis at the entity, project, and
   portfolio levels for multiple risk domains. Strong capabilities for
   fourth-party risk feature assessment, workflows, and approvals, plus the
   ability to visualize their dependencies and geographical concentrations.
   Strong offboarding includes termination status triggers and deprovisioning
   workflows that can push notifications to other internal systems. However,
   Archer lacks a customizable vendor portal, did not demo breadth of workflow,
   and requires customers to keep out-of-the-box configurations to consume the
   new features. Reference customers pointed to reporting output limitations and
   said that the UI was neither intuitive nor modern. Archer is a good fit for
   financial services firms and those replacing spreadsheets.
 * LogicGate brings a flexible platform with a new UI but can quickly become
   overbuilt. LogicGate’s vision centers on the urgency to automate, scale, and
   mature TPRM programs with a well-funded innovation strategy focused on
   solving fewer, but bigger, problems for customers. Its roadmap is
   customer-centric and segments features for end users, program owners, and
   executives — but is on par with competitors. LogicGate has made significant
   strides engaging the customer community, and reference customers gave it
   kudos for overall responsiveness. LogicGate offers white-glove deployment and
   implementation in 90 days, but its overreliance on in-house implementation
   impacts its ability to scale, and it falls short on supporting services.
   
   LogicGate boasts an intuitive no-code platform that’s easily customizable
   plus a newly redesigned UI that supports WCAG 2.1 accessibility, a visual
   builder interface, and role-based personalization. LogicGate also received
   high marks for interoperability with several native Risk Cloud integrations
   and an open API. However, the vendor lacks native capabilities for assessing
   fourth parties and does little to support third-party risk during the
   selection and procurement process, and reference customers noted that the UI
   flexibility can easily become overbuilt and clunky. The extent of the
   inventory is a dashboard of active third parties with search and filter that
   take time and effort. LogicGate did not demonstrate capabilities for tiering,
   segmentation, or multidomain assessment features. LogicGate received high
   scores from reference customers for configurability, but they noted that a
   lack of out-of-the-box elements and best practices required a lot of work on
   the user’s part to build. LogicGate is a good fit for TPRM teams that
   appreciate flexibility and don’t mind the effort.
 * Venminder prioritizes innovation strategy, but customers want the basics done
   right. Venminder is singularly focused on TPRM throughout the lifecycle and
   bundles software, services (Vendiligence), and risk intelligence (Venmonitor)
   into a single contract. The commercial model is based on company size; comes
   in two sizes (professional and enterprise); and offers unlimited users,
   vendors, contracts, assessments, and support. The innovation strategy is
   backed by dedicated budget, a balance of cool versus usable features, and
   proofs of concept by the customer advisory board. The roadmap includes
   predictive assessments and contract management with DocuSign integration. All
   implementation is done by in-house teams, which impacts Venminder’s ability
   to scale.
   
   Venminder stands out for its configurability, which customers generally find
   intuitive and easy. In-app guidance and unlimited access to in-house subject
   matter experts fuel adoption. The vendor also provides remote admin
   capabilities and supports enhanced due diligence, assessment, and monitoring
   through Virtual Vendor Management services. The current offering is mostly on
   par, with some areas that require more work: Modules for assessment,
   onboarding, and monitoring don’t speak to one another and fail to trigger
   workflow or corrective action. Reference customers find the reporting
   rudimentary (for example, the inability to report on workflow status) and
   would like to see the vendor mature current functionality, emphasizing the
   need to “get the basics right.” TPRM buyers looking for a cost-effective
   one-stop shop with unlimited support should shortlist Venminder.
 * NAVEX is a flexible platform that works but lacks innovation and a modern UI.
   Third-party risk management is a module in the NAVEX IRM platform — acquired
   in 2019 from Lockpath and integrated with RiskRate, the vendor’s screening
   and monitoring tool available at an extra cost. Embedded interactive guidance
   helps users understand and adopt new features; the vendor maintains a healthy
   customer community featuring a customer council and advisory board; and it
   earns high praise for vendor responsiveness. NAVEX’s innovation strategy is
   on par; however, the roadmap primarily focuses on GRC features, which sets
   NAVEX back from others in this market, considering that the UI and
   reporting/visualization are dated, and customers find it insufficient for
   marketing or impressing senior leadership. The vision revolves around GRC
   without accounting for the unique needs of the TPRM market.
   
   What NAVEX lacks in strategy and roadmap, it makes up for in its current
   offering, with strong capabilities for risk response, ongoing monitoring,
   workflow, configurability that features automated triggers for corrective
   action plans based on predefined thresholds or external events, and
   continuous monitoring against more than 50 categories through RiskRate
   integration. The vendor comes up short in terms of fourth-party assessment,
   offboarding, and UI, but reference customers look beyond its veneer,
   highlighting evidence of its effectiveness. Current NAVEX GRC customers, and
   those looking for a simple and flexible workflow and who can look past the
   window dressing, should consider NAVEX.
 * OneTrust has a clear vision, but execution requires improvements to the
   basics. OneTrust excels at predicting where the TPRM market is going, but
   after a year of company and product changes, it might have a tougher time
   getting there first. OneTrust has a clear vision of the TPRM market shifting
   from point-in-time assessment to real-time risk analysis, but aside from
   future integration with SEC breach filings, its roadmap and innovation
   strategy are no longer unique. Features such as a vendor exchange and the
   ability to autocomplete questionnaires using NLP-extracted data are now on
   par with the market. Although OneTrust maintains a diverse partner ecosystem
   and offers a range of supporting services, reference customers gave OneTrust
   low marks for ROI and quality and accessibility of training.
   
   The Trust Platform can auto-tier third parties based on inherent risk score
   from intake forms to determine the level of rigor required during assessment
   and pull information on the third party from its profile in the Third-Party
   Risk Exchange. However, the vendor lacks a dedicated vendor portal, and
   customers highlight that the Exchange lacks integration with assessment
   workflow and only covers a small percentage of the supplier universe.
   Dashboards can track performance metrics and depict third-party engagements
   by concentration risk, but the search function is inconsistent across
   modules. Reference customers note that reporting needs attention and
   expressed the desire to see better interoperability with prebuilt workflows
   and more mature issue management. OneTrust is a good fit for buyers that
   prioritize process efficiency or have a regulatory compliance focus for TPRM.
 * Diligent nails screening and monitoring, but full TPRM value requires
   platform migration. Diligent Third-Party Manager, a screening and due
   diligence tool, is a rebrand of Steele Compliance, acquired in 2021. It is
   separate from the assessment-based IT Vendor Risk Manager that sits atop the
   HighBond platform acquired from Galvanize the same year. Diligent’s strategy
   is to merge all of its acquisitions onto the common Diligent One platform,
   which would deliver a boost to reporting, workflow, and assessment
   capabilities. The innovation strategy with AI-driven capabilities is on par,
   but the roadmap improvements to UI, vendor portal, and enhanced
   questionnaires show that Diligent is playing catch-up. Reference customers
   also called out improvements to customer service and product dependability as
   areas to prioritize.
   
   Diligent Third-Party Manager stands out for its speed and accuracy of
   screening and its ability to monitor internal and external data sources to
   track threats, risk events, and changes in the business environment, such as
   geopolitical fluctuations. Strong AI-powered tools for proactive media-based
   risk monitoring and due diligence services delivered by experienced
   investigators are value-adds for customers with limited resources. However,
   capabilities to identify, evaluate, and communicate risk fall flat. Natively,
   it can only assess at the entity level; the tiering and segmentation is
   mostly manual; and scoring only incorporates assessment data at a user’s
   request. The vendor did not demonstrate enterprise-level risk aggregation,
   and customers pointed to subpar interoperability and reporting/visualization.
   Diligent is a good fit for TPRM programs that prioritize external data
   sources over assessments or those that currently use or are evaluating
   Diligent for GRC.

Contenders
   
 * Exiger scores on external intelligence but misses on risk analysis and
   mitigation. The 1Exiger Platform for sourcing, onboarding, and monitoring
   targets procurement; supply chain; and CISOs in the public sector, critical
   infrastructure, and defense manufacturing. Products include AI-based research
   and data aggregation (DDIQ), one-click onboarding, and a workflow engine
   (Insight 3PM), and it differentiates with item/parts/materials mapping (SDX)
   and software supply chain risk management (Ion Channel) that are sold
   separately. The pricing model is based on quantity of third parties, company
   size, and program maturity. An abundance of external market intelligence and
   a well-rounded partner ecosystem enhance visibility and support a range of
   use cases. Despite a strong innovation strategy, the vision is overly
   tactical, the roadmap is light on critical risk analysis and reporting
   features, and the adoption strategy is underwhelming.
   
   Exiger is strong in terms of ongoing monitoring with AI-powered data
   collection, deduplication, and entity resolution, and it can flag when
   portfolio-level risk exceeds the organization’s risk appetite. Auto-tiering
   based on predefined parameters and onboarding workflow triggers subsequent
   qualifications/screening requirements based on inherent risk. The executive
   reporting is solid but not unique, and reference customers highlight the lack
   of custom reporting. Exiger also lacks several key elements for this market,
   including a dedicated and customizable portal for third parties as well as
   native capabilities to assess risk — not just screen against multiple risk
   domains — and it has subpar risk mitigation. Customers cited UI upgrades and
   better overall usability as areas to focus on. Exiger works best when TPRM
   efforts focus on due diligence and onboarding or at organizations with
   complex supply chains.
 * Prevalent embraces an AI strategy, but its overly tailored solution lacks
   configurability. Prevalent’s purpose-built platform strives to take the pain
   out of TPRM. In 2023, Prevalent’s AI-driven product strategy, which includes
   Alfred, the AI-powered virtual advisor, is complemented by Intelligence
   Networks and Third-Party Marketplace for third parties to share data as well
   as services to augment resources, perform specific functions such as
   validation and incident response, or to fully outsource the TPRM function.
   Despite its broad offering, Prevalent lacks broad market share. Overly
   tailored solutions that appeal to low-maturity buyers or those that have had
   limited success with TPRM technology in the past (and seek more handholding
   than product flexibility) have not taken off. Future success will require
   Prevalent to support more sophisticated customers with ease of configuration
   and greater control.
   
   Prevalent is a well-rounded solution with strong capabilities to monitor
   internal sources for changes in risk scores and external events that could
   impact their compliance and resilience, such as active news, financial
   records, and breach reports. It offers a preconfigured library of assessment
   templates and can parse and autopopulate information from SOC 2 reports
   directly into the questionnaire. However, the overly tailored solution lacks
   ease of configurability and offers limited ability to create or modify
   workflows, dashboards, and reports and lacks a range of native visualizations
   compared with others in this evaluation. TPRM buyers who are starting their
   journey, have a compliance focus, or are seeking services to do the heavy
   lifting should consider Prevalent. Prevalent declined to participate in the
   full Forrester Wave evaluation process.

Challengers
   
 * IBM makes TPRM part of holistic GRC but struggles to attract standalone
   customers. IBM tackles third-party risk by aligning operational and security
   activities of third and fourth parties with business processes. The vendor
   targets top-tier global organizations in industries where third-party risk
   heavily focuses on operational resilience with multiple deployment options,
   including on-premises and private SaaS hosted on IBM Cloud, which comes at a
   premium. The native SaaS offering just launched in November 2023 but, due to
   the price differential, is unlikely to get uptake until contracts are
   renewed. Built on the OpenPages platform, the TPRM module benefits from
   advanced analytics, a unified risk register, and a common UI. However, the
   innovation strategy to integrate with the IBM watsonx platform has failed to
   yield AI-driven features for TPRM that are unique or differentiated. Despite
   a strong partner ecosystem, IBM has fewer native connectors to external
   providers than others in this evaluation.
   
   IBM’s strengths include a library of preconfigured workflows to initiate an
   RFI process, track contract negotiations, and trigger onboarding after due
   diligence is completed and the contract is signed. Cognos Analytics, the
   native data visualization tool, and the ability to prioritize risk based on
   quantitative data inputs or analysis against risk appetite, are also sound. A
   chatbot assistant can answer questions, perform natural language searches,
   and provide links to additional resources, but the feature must be configured
   through Watson integration, comes at an additional cost, and is only
   available to customers using version 8.2 or later. IBM is a good fit for TPRM
   teams with a strong focus on operational resilience or those using OpenPages
   for GRC. IBM declined to participate in the full Forrester Wave evaluation
   process.

Evaluation Overview
We grouped our evaluation criteria into three high-level categories:
   
 * Current offering. Each vendor’s position on the vertical axis of the
   Forrester Wave graphic indicates the strength of its current offering. Key
   criteria for these solutions include the risk management lifecycle, including
   identification, evaluation, response, monitoring, and communication; sourcing
   and selection; due diligence and onboarding; offboarding and deprovisioning;
   fourth-party risk assessment; multidimensional risk assessment;
   interoperability; workflow; reporting and visualization; configurability; and
   usability.
 * Strategy. Placement on the horizontal axis indicates the strength of the
   vendors’ strategies. We evaluated vision, innovation, roadmap, partner
   ecosystem, adoption, community, and supporting services and offerings.
 * Market presence. Represented by the size of the markers on the graphic, our
   market presence scores reflect each vendor’s revenue and number of customers.

Vendor Inclusion Criteria
Each of the vendors we included in this assessment:
   
 * Offers breadth of functionality aligned with Forrester’s ERM success cycle
   model. Every vendor has a substantial breadth of capabilities to identify,
   evaluate, respond to, monitor, and communicate enterprisewide third-party
   risk and compliance across multiple risk domains.
 * Supports third-party risk management throughout the relationship lifecycle.
   Every platform supports identification and mitigation of risk from the
   ecosystem of third-party relationships at every stage of the third-party
   lifecycle, including precontract award, due diligence, selection and
   contracting, onboarding, continuous monitoring, and termination.
 * Aligns third-party risks with business strategy and resilience. These TPRM
   platforms combine workflow, analysis, reporting, and integration
   capabilities to address the needs of risk and compliance professionals across
   multiple industries and risk domains. We consider solutions that offer only
   some, but not all, of these capabilities to be point solutions, not TPRM
   platforms.
 * Has mindshare and market presence. All vendors maintain at least 75 active
   customers as measured by individual logos specifically leveraging the
   vendor’s TPRM offering, not the number of deployments. These vendors had a
   minimum of $10 million in annual revenue from their TPRM offering, exclusive
   of their other modules and/or products.

Supplemental Material
Online Resource
We publish all our Forrester Wave scores and weightings in an Excel file that
provides detailed product evaluations and customizable rankings; download this
tool by clicking the link at the beginning of this report on Forrester.com. We
intend these scores and default weightings to serve only as a starting point and
encourage readers to adapt the weightings to fit their individual needs.
The Forrester Wave Methodology
A Forrester Wave is a guide for buyers considering their purchasing options in a
technology marketplace. To offer an equitable process for all participants,
Forrester follows The Forrester Wave™ Methodology to evaluate participating
vendors.
In our review, we conduct primary research to develop a list of vendors to
consider for the evaluation. From that initial pool of vendors, we narrow our
final list based on the inclusion criteria. We then gather details of product
and strategy through a detailed questionnaire, demos/briefings, and customer
reference surveys/interviews. We use those inputs, along with the analyst’s
experience and expertise in the marketplace, to score vendors, using a relative
rating system that compares each vendor against the others in the evaluation.
We include the Forrester Wave publishing date (quarter and year) clearly in the
title of each Forrester Wave report. We evaluated the vendors participating in
this Forrester Wave using materials they provided to us by December 5, 2023, and
did not allow additional information after that point. We encourage readers to
evaluate how the market and vendor offerings change over time.
In accordance with our vendor review policy, Forrester asks vendors to review
our findings prior to publishing to check for accuracy. Vendors marked as
nonparticipating in the Forrester Wave graphic met our defined inclusion
criteria but declined to participate in, or contributed only partially to, the
evaluation. We score these vendors in accordance with our vendor participation
policy and publish their positioning alongside that of the participating
vendors.
Integrity Policy
We conduct all our research, including Forrester Wave evaluations, in accordance
with the integrity policy posted on our website.

About Forrester Reprints
https://go.forrester.com/research/reprints
© 2024, Forrester Research, Inc. and/or its subsidiaries. All rights reserved.