Governance, Risk and Compliance (GRC)

GRC is a group of processes.  It has been our experience that employees and staff are always willing to ‘do the right thing’, as long as someone is telling them what the right thing is.  But if you are not establishing what the desired behaviors are, and making people aware of those desired behaviors, then it is impossible for people to comply.   We can help you in the following areas:

  • Establish Policies to manage and protect your information and your systems.  Coordinate with business units and other corporate service organizations to ensure that all have buy-in and ownership of Policy. 
  • Establish criteria for building, testing and deploying systems with proper security features built in.  These are simply choices that you make to establish standard behavior.
  • Manage your outsourcing.  Outsourcing a service does not mean that you don’t have to worry about a service anymore.  You must make it clear what you expect from your service providers, and you must perform due diligence to confirm that your service providers are capable of meeting your needs.
  • Monitor industry sources to ensure that you are aware of urgent threats and newly discovered vulnerabilities. 
  • Establish processes to allow business units to perform outside of policy with proper justification.  These processes simply need to confirm that the right decision makers are made aware of the context so that they can make an informed decision.


Return to Home Page


Print | Sitemap