Governance, risk, and compliance management
Indicators for better decisions
Governance, risk, and compliance (GRC) management helps organisations furnish evidence of how mission-critical assets are protected, thereby helping to fulfil compliance requirements. But there is more to it. In times of changed economic thinking, IT security budgets are also coming under scrutiny. Metrics and indicator systems are needed to determine the cost-effectiveness and efficiency of the IT security infrastructure in use.
Unfortunately, the reality is often quite different: instead of efficiently managing opportunities and risks, companies often waste their time with unsuitable, decentralised tools (e.g. Excel) and fail to reach their goals.
What everybody knows
An ISMS (Information Security Management System) is a company's system of processes and rules for the ongoing management and control of information security. Establishing an ISMS according to ISO/IEC 27001:2005 and implementing it within the scope of the PDCA cycle form the core of risk management.
What you only know afterwards
The establishment of an Information Security Management System (ISMS) is a special challenge, as it requires high-quality methodology and content in order to achieve the desired result. Moreover, various internal and external stakeholders have diverse requirements, each with a specific view on the deployed system.
What you should know in advance
Through automated, continuously running risk management, a GRC tool counteracts the typical sawtooth curve of activity ahead of an upcoming audit. Scorecard-based governance, risk, and compliance (GRC) management systems in particular enable a structured qualitative and quantitative assessment of risks, opportunities, and controls.


