Configuration Vs Customization: Why Not All Software Solutions Were Created Equal

5 Min Read

There’s a common misconception when businesses are implementing a new Governance, Risk and Compliance (GRC) software solution that customization is the only answer to build a solution capable of meeting their unique requirements. This flawed view overlooks another option that allows them to make alterations in a robust, scalable, and dependable manner: configuration. But what’s the difference?

You would be forgiven for thinking the two are interchangeable. Not only do they both begin with ‘c’ and contain 13 letters; their definitions seem indistinguishable: customise is “to modify or build according to individual or personal specifications or preference.”; configure is “to design or adapt to form a specific configuration or for some specific purpose.” Still confused?

If we take them in the context of implementing GRC software, however, things become clearer:

  • Configuration: when you purchase a GRC software solution, it’s often delivered out-of-the-box, pre-loaded with best-practice functionality. To adapt the existing functions to your preferences, you can configure them using existing tools and applications within the software. Configuring the software doesn’t require coding or programming and doesn’t influence how your software operates.
  • customization: businesses choose GRC software solutions based on the capabilities they need, but often the perceived need of a business means they believe the functionality falls short. customization enhances the software’s range of operations so it can offer a tailored user experience. This is achieved using coding, resulting in fundamental changes to the baseline system. Developers must modify the programme or write new code to make the software do something it currently can’t for one specific use case.

To put it simply: software customization occurs when you are required to work ‘outside’ the application to make changes; while software configuration occurs when you can make changes to the software and adapt it to meet your requirements by working ‘inside’ the application using tools that already exist within it.

Configuration Vs Customization

Armed with that knowledge, it’s time to decide which option will work best for your business. To ensure you make an informed decision, you must fully understand the advantages and disadvantages of both:

Advantages of configuration

Perhaps the most obvious benefit of software configuration is personalisation control. Users can quickly learn how to configure intuitive software to meet their specific business requirements. This empowers users to take control and make changes to the system at any time without delay. Unlike customization, which requires external technical resources to execute, configuration delivers the necessary flexibility to stay ahead in a dynamic GRC landscape and scale as required.

Whereas customization drives up costs when additional changes are requested – which can also take a considerable time for a developer to complete due to their technical nature – configuration leads to an overall cost reduction thanks to system ownership. Consequently, simple changes – such as updating forms and amending reports – can be made quickly with no additional cost associated and without risk, using tools within the application. Furthermore, accompanying software upgrades occur automatically because the underlying code and architecture remain unchanged, allowing you to generate more value from your purchase.

Configurable solutions are typically easier to integrate, especially if the software provider offers Application Programming Interfaces (APIs). The use of APIs also ensures future releases will be integrated seamlessly as the primary software solution evolves. With customization, however, there is no guarantee that the software will upgrade smoothly or that integrations based on customised code will work without further support.

Disadvantages of configuration

Relying on software configuration alone would limit your business to the existing functionalities of a given system. If your software solution doesn’t include the functionality to amend a particular widget, menu, table etc. then a small amount customization would still be required. But ultimately less customization, equals less cost, so selecting a highly configurable system can save costs in the long run as business requirements evolve and changes are needed over time.

Configuration requires some internal staff to understand how to make changes to the solution. Therefore, ‘super users’ would need to be trained by the vendor.

Advantages of customization

customization ensures your GRC software is tailor-made to the specific requirements of your business. The software is yours alone, meaning there’s no other like it, allowing you to incorporate any bespoke requirements without constraints. A team of highly skilled developers will adapt the solution and collaborate with you to make the application suit your needs, enabling you to make unlimited changes. And because the software is closely aligned to your processes, it will fit seamlessly into the way your teams work.

With this approach, you will need a skilled and dependable technical support team that was involved in the development of your application from the outset. They understand your software inside out and possess the expertize to add complex functionality that accommodates your internal processes and can address any issues that arise. This comprehensive support means you won’t need to train anyone in your team to customise the solution, however it can be expensive and cause delays as you are reliant upon the outsourced third party making the time available to make changes.

Disadvantages of customization

Software customization can consume two vital business assets: time and money. customization requires huge financial investment to execute effectively. Highly customised solutions typically require a team of experienced developers, designers, project managers, and quality assurance engineers, resulting in huge professional services fees. These fees can mount up due to the sheer length of time the software takes to develop and implement – from lengthy meetings to discuss requirements to the time it takes to test the software from a user perspective, prices can increase at a sharp rate.

GRC implementations are never going to be an overnight process; however, failure to plan and execute them effectively can result in unnecessary and costly delays. For example, shortcuts taken during the vendor selection process can fail to highlight shortcomings in their out-of-the-box solution – potentially prolonging the implementation process as customization then becomes required.

Unnecessary customization requirements can restrict the software’s time to value by increasing the length of time necessary to implement the software and realise the benefits of the solution. Standard patch updates in the solution may not work if you have heavy customization meaning you may potentially miss out on additional functionality added by the vendor.


One of the reasons Camms has grown so rapidly and been so successful in the GRC space is due to the autonomy we offer our clients around configuration. Our software products are highly configurable out-of-the-box, giving users flexibility and control over their own system.

Our software streamlines administrator’s workload by allowing them to make necessary changes with ease. By empowering admins to manage dynamic configuration requirements seamlessly, the platform can adapt in tandem with your business.

Of course, here at Camms we have a team of highly skilled, experienced developers on hand to customise any specific requirements, but the majority of our clients are happy that they have a solution that meets their needs with very minimal customization, therefore saving copious amounts of time and money.

Camms.Risk, our industry-recognised, cloud-based software solution offers a comprehensive integrated approach to GRC. It is fully scalable and configurable using APIs, providing you with the agility to align the platform with your business’s unique requirements. The list of disparate data sources you can integrate through Camms suite of tools is compelling and includes, but is not limited to, financial systems, HR systems, KPIs, document management systems, CRM systems and your active directory.

These APIs enable interaction and data sharing across critical business areas, including staff, financials, projects, incidents, and operations and of course risk, compliance and IT security. This provides access to a single source of oversight and demonstratable proof that drives a truly effective GRC programme.

If the complexities of your GRC solution are negatively impacting your business and resulting in unforeseen costs it might be time to look at a viable alternative. When it comes to highly configurable solutions like Camms, the power and control really is in your hands. Request a demo of Camms.Risk to find out more.

Andrew Mercker

Business Development & Strategic Partnerships

Share blog post

Subscribe to our newsletter


You might also like…

Scroll to Top