Governance, Risk, and Compliance (GRC)


Governance, Risk and Compliance, or GRC for short, refers to a company’s coordinated strategy for managing the broad issues of corporate governance, enterprise risk management (ERM) and corporate compliance with regard to regulatory requirements.

Specifically, the three pillars of GRC are:

Governance – The effective, ethical management of a company by its executives and managerial levels.
Risk – The ability to identify, assess and cost-effectively mitigate risks that could hinder an organization’s operations or its ability to remain competitive in its market.
Compliance – A company’s conformance with regulatory requirements for business operations, data retention and other business practices.

Defining Governance, Risk and Compliance

While many experts and GRC vendors disagree on a standard definition of Governance, Risk and Compliance, the Open Compliance and Ethics Group (OCEG) has published one of the most comprehensive GRC definitions. In its GRC Capability Model (Red Book) 2.0, the OCEG defines GRC as a “system of people, processes, and technology that enables an organization to:

Understand and prioritize stakeholder expectations.
Set business objectives that are congruent with values and risks.
Achieve objectives while optimizing risk profile and protecting value.
Operate within legal, contractual, internal, social, and ethical boundaries.
Provide relevant, reliable, and timely information to appropriate stakeholders.
Enable the measurement of the performance and effectiveness of the system.”

GRC Solutions and Services

GRC business policies, software solutions and services enable companies to implement, manage, monitor and measure the effectiveness of their Governance, Risk and Compliance strategies. GRC strategies rely on clearly defined, objective measurables that give companies insight into their overall effectiveness in each area of governance, risk and compliance.

Because GRC strategies span the entire organization, these tools and policies require management and coordination across numerous departments in an enterprise, including IT, management, security, compliance and audit.
