Updated: Nov 20, 2019
"Governance, risk management and compliance (GRC) is a comparatively recent technique enabling organisations to manage their data compliance and security. It is typically related to data security, but can also include data recovery and service-level agreements with third parties."
The more data a firm has to manage, the more difficult it is to ascertain and control who is accessing data, how it is being used and how secure it is.
As the name suggests, GRC is focused on three areas of critical importance to data management:
Governance — information management systems and controls
Risk management — identification, assessment and response to potential risks
Compliance — conforming with regulations and organisational policies in the handling of data
To do this, firms need to implement robust identity management and strong auditing (through both human and systematic processes) of access to data. While many firms may be aware of the issues, not all are able to respond. Many data initiatives fail through lack of skills, an inability to consolidate and migrate data, and the challenges of doing all this while complying with the General Data Protection Regulation (GDPR).
The key to succeeding is to see data security not as a single-step process, but as a multi-dimensional and ongoing activity. No-one said it was easy!