GRC is an abbreviation for Governance, Risk Management and Compliance Management.
IT GRC is often perceived to have two meanings:
Using IT to manage the various Governance, Risk Management and Compliance Management processes of an organization.
Ensuring proper governance, risk management and compliance management of all IT systems and processes that support the business operations.
Michael Rasmussen at Corporate Integrity, LLC defines GRC as follows:
Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
Risk Management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
The ISACA association has embraced IT Governance for several years. The IT Goverance Institute - ITGI - is publishing COBIT 5, the widely adopted IT Governance Framework, that is being used by many organisations to support Sarbanes Oxley compliance. Risk IT is a risk management framework, published by ISACA.
Neupart is proud to be a licensee of COBIT. The SecureAware ISMS solution includes the COBIT control objectives.
SecureAware ISMS by Neupart
SecureAware is a complete information security management system (ISMS) that addresses your IT GRC challenges.