JULY 2018 | CIOAPPLICATIONS.COM

IN MY VIEW

Leveraging GRC Technology to Improve Security Program

NEMI GEORGE, SENIOR DIRECTOR OF INFORMATION SECURITY & SERVICE OPERATIONS AND DANIELLE BUARD, INFORMATION SECURITY COORDINATOR, PACIFIC DENTAL SERVICES

The three tenets of Governance, Risk, and Compliance Management (GRC) incorporate information technology in order to manage the numerous operational processes within an organization (Rasmussen, 2018). Governance consists of the culture, processes, and policies that form the foundation of an organization (Rasmussen, 2018). A GRC program can support the governance of organizational policy through the assessment and remediation of technical and non-technical controls (Johnson, 2015). Risk management is the coordinated effort to forecast and evaluate the impact of various risks to an organization. A GRC program contributes to the risk management effort through the quantification, analysis, and mitigation of risk within an organization (Johnson, 2015). Compliance is the act of adhering to standards that ensure the integrity and confidentiality of organizational processes. The controls that implement those standards, and any exceptions to them, can be mapped to the regulations that govern particular compliance standards (Johnson, 2015).

Benefits of GRC Technology

The benefits of implementing a GRC tool are considerable, as organizations are increasingly required to comply with multiple industry and regulatory standards such as GDPR, HIPAA, and PCI-DSS. A well-implemented GRC solution acts as a single pane of glass and offers empirical insights into information security and enterprise risk management, including third-party and vendor risk management. Simply put, "an effective GRC program takes your Information Security program from the war room to the board room." It communicates the very technical and often complex aspects of information security, such as threats, vulnerability assessments, penetration tests, cyber security incident response, and the implementation of controls, in simple, easy-to-understand business language and in a format that is widely understood by senior management and executive teams across organizations.

Core GRC Features

Several GRC tools boast a laundry list of features and unique selling points, but a few features should be prioritized above the others: integration with core business systems such as the vendor management system, IT service management system, and contract lifecycle management system; asset discovery of critical business assets; assessments based on consolidated standards and frameworks; both an operational (practitioner) dashboard and a management (executive) dashboard; and the ability to customize the risk assessment methodology.