Term of the Week: Governance, Risk Management, Compliance (GRC)

Why does a business professional need to know this?

For companies to provide quality products or services, grow, and achieve success, they need an efficient vision, correct guidelines, internal controls, and mature operations.

Compliance is central to this effort, because companies must adhere to international standards, requirements, and certifications to succeed. Compliance is a combination of internal processes that ensure that all operational procedures follow guidelines and specifications from industry regulations, local laws, and information security best practices.

Business professionals should consider incorporating innovative solutions and technologies designed to protect intellectual property (content) and personally-identifiable or sensitive personal information (data) from the prying eyes of competitors, disgruntled employees, and mischievous pranksters. However, introducing new technologies introduces risk. Digitally-savvy organizations adopt risk management best practices to reduce potential negative impacts from these cybersecurity efforts.

Risk management is the discovery, evaluation, and prioritization of business risks. Risk management activities involve determining, minimizing, and controlling the probability or impact of unfortunate events. Risk managers work to help organizations develop rules, adopt controls, and take steps designed to both protect information assets and eliminate cybersecurity vulnerabilities. Risk managers also develop response plans and proactive protection strategies focused on limiting the impact of cyberattacks.

Risk management and compliance efforts must be aligned to address these needs, which leads companies to adopt governance. Governance refers to a set of policies, processes, and procedures that define how a company ensures that critical systems and sensitive information are kept secure, confidential, and available.