IT is at the heart of GRC and Principled Performance

Get a 100-page guide that spells out (almost) everything you need to know about IT as it relates to GRC

People in IT roles are a critical component and serve a dual role in GRC

First, IT must ADDRESS their own IT governance, IT risk and IT compliance issue. For example, they need to govern and oversee the way that IT is used and managed in the enterprise. They must address the unique risks that apply to IT; and address the unique compliance requirements of IT (information privacy, security, etc.).

Second, IT must also help ENABLE their peers in other GRC departments including the board, c-suite, risk, compliance, ethics, audit and other business operators.

Goals of IT and Information Security

The goals of IT and Information Security include:

Information privacy
Information security
Enabling other GRC departments and processes

IT and Information Security at the center of GRC

The role of IT and Information Security in GRC is more than just two letters.

Second, IT must also help ENABLE their peers in other GRC departments including the board, c-suite, risk, compliance, ethics, audit and other business operators.

Role of Others in IT and Information Security

Other GRC disciplines play a role in IT and Information Security.

It is essential that people who are not specifically charged with IT and Information Security also understand what their colleagues who work in IT and Information Security actually need.

This includes knowledge about: