Cyber Diversity Equity & Inclusion
GRC
Governance, risk and compliance (GRC) refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements.
GRC OVERVIEW
Governance, Risk, & Compliance
GRC is the capability, or integrated collection of capabilities, that enables an organization to reliably achieve objectives, address uncertainty, and act with integrity, including the governance, assurance and management of performance, risk, and compliance.
GRC includes:
- corporate governance
- performance management programs
- risk management programs
- compliance programs
- internal audit departments
- information security programs
Common security audits and frameworks:
- PCI-DSS
- SOX
- ISO-27001
- HIPAA
- GDPR
- CCPA
- FERPA
- DFARS
- FedRAMP
- RMF
- COBIT
- NIST 800-171
- NIST 800-53
WANT TO GET INVOLVED?
Have a training resource to share? Would you like to partner and start a program to enrich the community? Get in touch!