Governance, Risk and Compliance is sometimes a managerial step or a mandatory step to adhere with regulations & maintain compliant systems. It widely helps in Risk Management.
Some of the major components of IT GRC are:
- IT Policy Management
- IT Risk Management
- Compliance Management
- Threat & Vulnerability Management
- Vendor Risk Management
- Incident Management
1. IT Policy Management
An administrative method to simplify management by defining and enabling rules(policies) for various apprehensive situations. This is done keeping in mind the organization's goals & belief
- Policy Life Cycle Management
- Policy Creation
- Establish Linkages
- Alerts & Notification
- Manage Exceptions
- Metrics & Dashboard Reporting
2. IT Risk Management
This includes all risk associated with owning IT assets. In larger scales, for an organization, all the data stored is part of this.
- Risk Identification
- Risk Assessment Scheduling
- Aggregate Data
- Risk Assessment & Evaluation
- Issue / Action Tracking
- Metrics & Dashboard Reporting
( Read More: Checklist: Skillset required for an Incident Management Person )
3. IT Compliance Management
A proper framework in place can save money, time and energy. The framework should be set up once and your organization should be compliant while it should be able to notify on the new compliance requirements and licenses
- Regulatory Alerts, Rule Mapping
- Federation
- Surveys, Assessment
- Testing
- Certification & Filing
- Issue / Action Tracking
- Metrics & Dashboard Reporting
4. Threat & Vulnerability Management
This is a continuous process to manage all the assets owned by the organization. Prioritization is key as it directly estimates loss.
- Create Asset Repository
- Prioritize Assets
- Threat & Vulnerability Assessment
- Analysis & Prioritization
- Closed Loop Issue Management
- Metrics & Dashboard Reporting
5. Vendor Risk Management
This refers to all third party vendor risk. Vendor selection should be preceded by checking their risk scenario.
- Vendor Information Management
- Vendor Risk Assessment
- Vendor Compliance Management
- Closed Loop Remediation
- Metrics & Dashboard Reporting
6. Incident Management
This is constant monitoring, tracking analysis and reporting to make sure incidents are at bay. In case there is a breach, policies should be in place to tackle them.
- Aggregate & Track Incidents
- Incident & Issue Analysis
- Integrate with 3rd Party Solutions
- Resource Management & Collaboration
- Closed Loop Monitoring
- Metrics & Dashboard Reporting
( Read More: Critical Platform Capabilities For IT GRC Solution )
Reference-
1.Extracts have been taken from IT GRC Workshop, Decision Summit, Delhi 2015 by Ravi Mishra
2.http://whatis.techtarget.com/definition/policy-based-management
3.http://www.techopedia.com/definition/25836/it-risk-management
Comments