GRC is an abbreviation for Governance, Risk Management and Compliance Management.
IT GRC is often perceived to have two meanings:
Using IT to manage the various Governance, Risk Management and Compliance Management processes of an organisation.
Ensuring proper governance, risk management and compliance management of all IT systems and processes that support the business operations.
Michael Rasmussen at Corporate Integrity, LLC defines GRC as follows:
- Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
- Risk Management is the coordinated activities to direct and control an organisation to realize opportunities while managing negative events.
- Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
Secure ISMS by Neupart
Secure ISMS is a complete information security management system (ISMS) that addresses your IT GRC challenges.