Governance, Risk & Compliance (GRC)
GRC ensures business driven security
This offer is about ensuring that agreed policies and compliance obligations are enforced in a controlled, measurable and auditable way, so that the business operates within its risk appetite. It is the assurance clients and investors need to underpin trust.
GRC is the business’s primary mechanism for ensuring compliance with business, data, technology and security principles, and with any regulatory (or legislative) compliance goals defined under a strategy.
In today’s digital economy, business reputation is coupled to Information Assurance and Cyber Security. This places a heavy responsibility on the CISO to deliver in the context of risk appetite, data and security principles, and compliance obligations. In the face of an ever more potent cyber threat landscape, this is getting harder and more expensive to do.
GRC provides the security ‘DNA’ to support that delivery – through a Data Security Life Cycle (DSLC) framework. DSLC describes a phased cycle from data generation, business value (i.e. information classification), through to ultimate destruction in compliance with Data Privacy legislation.
Crucially, DSLC, through an Information Security Management System (ISMS) delivery process, drives security policies, risk appetite and roles & responsibilities across all security domains, from physical to Cyber. DSLC is a cyclical process that evolves with the business’s valuation of data and risk appetite.
Ensure your security is aligned to the business
GRC, through a DSLC framework, is therefore the basis of how Information Assurance and Cyber Security is applied across business domains in a consistent, structured and sustainable manner.
The purpose of the GRC offer is to work with the CISO office and other internal stakeholders to:
- Identify (or define) principles that will underpin a DSLC framework
- Augment existing or construct a DSLC framework in the context of the business ecosystem
- Contextualise existing security policies and procedures in terms of the DSLC
- Deliver prioritised DSLC phases and outputs, e.g. baseline security requirements