Menu Close Menu

Menu

Account

GRC Standards & Toolkits

Authoritative Standards

Rooted in decades of member experience, rigorously verified by experts.

Access the Unified GRC Glossary

The Unified GRC Glossary provides terms and definitions that cut across all disciplines, domains and certifications. It is one of the best ways to learn!

Access the GRC Glossary

  1. GRC Capability Model 3.5

    The GRC Capability Model (OCEG Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities in order to achieve Principled Performance. Available for free with our Basic Membership.

    Find out more

  2. GRC Assessment Tools 3.0

    The GRC Assessment Tools (OCEG Burgundy Book) provides audit and assurance professionals, as well as those overseeing GRC capabilities, with a common set of assessment procedures to be used in reviewing GRC capabilities.

    Find out more

  3. Audit & Assurance Fundamentals

    Integrated Audit & Assurance Fundamentals standard is a collection of useful frameworks, models and methods to help every GRC Professional provide assurance.

    Find out more

  4. Policy Management Capability Model

    The Policy Management Capability Model helps GRC professionals elevate the way that policies are governed, planned, performed and measured.

    Find out more

  5. Data Privacy Capability Model

    The Integrated Data Privacy Capability Model establishes standards from which an organization may customize its approach to data privacy governance, management, and assurance.

    Find out more

01

GRC Capability Model 3.5

Free with Basic Membership

The GRC Capability Model (Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities in order to achieve Principled Performance. Available for free with our Basic Membership.

Access GRC Capability Model 3.5

OCEG Red Book

OCEG Red Book

What is it?

The GRC Capability Model is the core GRC standard that provides:

  • Unified vocabulary across disciplines
  • Defined common components and elements
  • Defined common information requirements
  • Standardized practices for things like policies and training
  • Identified communication for everyone involved; including strategic decision-makers

Translations available

نموذج قدرات الحوكمة والمخاطر والامتثال™ 3.5 (OCEG Red Book - Arabic Version)

Standards

GRC 능력 모델™ 3.5 (OCEG Red Book - Korean Version)

Standards

Model Kapabilitas GRK™ 3.5 (OCEG Red Book - Bahasa Version)

Standards

Access GRC Capability Model 3.5

02

GRC Assessment Framework

Included with All Access Pass

The GRC Assessment Framework provides audit and assurance professionals, as well as those overseeing GRC capabilities, with a common set of assessment models, methods and procedures to be used in reviewing GRC capabilities.

Access GRC Assessment Framework

OCEG Burgundy Book

OCEG Burgundy Book

What is it?

The GRC Assessment Framework provides everything you need to assess or audit GRC Capabilities including:

  • Helps organizations evaluate the design and operating effectiveness of their GRC capabilities
  • Reduces the cost of such evaluations by eliminating the time and expense of creating procedures
  • Provides standard methods for external judgment and recognition of sound practices
  • Offers a review process that enables creation of prioritized improvement plans
  • Raises the level of maturity and quality of GRC capabilities in all organization

Access GRC Assessment Framework

03

Policy Management Capability Model

Free with basic membership

Visit our newest offering, Policy Management Pro to get your copy and view our policy management training course.

Access Policy Management Capability Model

Your go-to policy management standard

Policy Management Capability Model

Quickly learn, master, and apply the principles and practices you need to support your organization. Follow a proven blueprint to build your Policy Management Program.

Developed by the OCEG team and vetted by an international review board of policy management professionals, the Policy Management Capability Model is a definitive standard that can be used and updated by anyone for free.

Access Policy Management Capability Model

04

Data Privacy Capability Model

Free with basic membership

Get your copy and put data privacy principles into practice.

Access Data Privacy Capability Model

Your go-to data privacy standard

Data Privacy Capability Model

Quickly learn, master, and apply the principles and practices you need to support your organization. Follow a proven blueprint to build your Data Privacy Program.

Developed by the OCEG team and vetted by an international review board of data privacy professionals, the Data Privacy Capability Model is a definitive standard that can be used by anyone within their organization.

Access Data Privacy Capability Model

OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.