GRC is an acronym for Governance, Risk Management and Compliance.
Every organization's GRC program is different and varies with the type of organization.
It depends on the organization's mission, size, industry, culture and legal regulations.
The ultimate responsibility of a GRC program is to protect the organization's assets and operations, including its IT infrastructure and information.

Governance
Governance is the responsibility of the board of directors and senior management of the organization.
A governance program has several goals:
- Provide strategic direction
- Ensure that objectives are achieved
- Ascertain whether risk is being managed appropriately
- Verify that the organization's resources are being used responsibly

Risk Management
Risk management is the process by which an organization manages risk to acceptable levels. It requires the development and implementation of internal controls to manage and mitigate risk throughout the organization, including financial and investment risk, physical risk and cyber risk.

Compliance
Compliance is the act of adhering to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations. It also includes voluntary requirements resulting from contractual obligations and internal policies.