
GRC

Governance, risk and compliance (GRC) refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements.

GRC OVERVIEW


Governance, Risk, & Compliance
GRC is the capability, or integrated collection of capabilities, that enables an organization to reliably achieve objectives, address uncertainty, and act with integrity, including the governance, assurance and management of performance, risk, and compliance.


GRC includes:

  • corporate governance;

  • performance management programs;

  • risk management programs;

  • compliance programs;

  • internal audit departments;

  • information security programs.


Common regulations, standards and frameworks that drive security audits:

  • PCI DSS

  • SOX

  • ISO/IEC 27001

  • HIPAA

  • GDPR

  • CCPA

  • FERPA

  • DFARS

  • FedRAMP

  • NIST RMF

  • COBIT

  • NIST SP 800-171

  • NIST SP 800-53


SECURITY AUDITS


Check out the following links for resources on these security audits and frameworks:

WANT TO GET INVOLVED?

Have a training resource to share? Would you like to partner and start a program to enrich the community? Get in touch!
