While user management is part of any system, implementing such functionality is vital and needs to align with platform capabilities and would also integrate with Roles, Permissions and also Groups capabilities.
(more…)Category: GRC Platform Development
-
Glossary – module
Will allow to have a centrally managed glossary that can be used by anyone and each term can be defined differently by different groups (variations)
(more…) -
Data Classifications and Attributes – Module
Functionality
- Display classifications and definitions
- Restricted
- Confidential
- Internal
- Public
- Display classifications and definitions
-
Entity Relationship Diagram (ER)
The complex GRC structure demands a complex relational database, and in some cases would require replication of various data to allow to store specific data aggregations.
While the ER is in development and will undergo changes, the overall structure begin to emerge
(more…) -
GRC Platform Scope
Concentrate on the Information Security Space, or the Operational Risk at the most
- Define Objects:
- Organizations
- Assets
- Authority (like Regs, Frameworks)
- Glossary
- Data Classifications and Atributes
- Documents (Policies etc)
- Risks
- Controls
- Define Objects:
-
GRC Platform Development – inception
Decided to spin this blog to document some of my GRC platform development.
Some thoughts:
Building a GRC platform isn’t an easy task, especially considering that different companies have different approaches to GRC processes. Some companies are less mature and require the barebones, other companies manage their GRC processes with lots of sophistication.
(more…)