GRC Standards & Toolkits

Authoritative Standards

Rooted in decades of member experience, rigorously verified by experts.
  1. GRC Capability Model 3.5

    The GRC Capability Model (OCEG Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities in order to achieve Principled Performance. Available for free with our Basic Membership.

  2. GRC Assessment Framework

    The GRC Assessment Framework (OCEG Burgundy Book) provides audit and assurance professionals, as well as those overseeing GRC capabilities, with a common approach and set of assessment procedures to be used in reviewing GRC capabilities.

  3. Audit & Assurance Fundamentals

    The Integrated Audit & Assurance Fundamentals standard is a collection of useful frameworks, models and methods to help every GRC professional provide assurance.

  4. Policy Management Capability Model

    The Policy Management Capability Model helps GRC professionals elevate the way that policies are governed, planned, performed and measured.

  5. Data Privacy Capability Model

    The Integrated Data Privacy Capability Model establishes standards from which an organization may customize its approach to data privacy governance, management, and assurance.
