
Decided to spin up this blog to document some of my GRC platform development.
Some thoughts:
Building a GRC platform isn’t an easy task, especially considering that different companies have different approaches to GRC processes. Some companies are less mature and require the bare bones; other companies manage their GRC processes with lots of sophistication.
To satisfy the needs of “everyone” would require extreme engineering and capabilities. And even with that, the system capabilities would almost certainly need to allow for hard changes.
For example: policy management.
Policy management could be coordinated by one team, or by multiple teams. The policy revision process could be done via local files, or via a collaborative solution. The policy framework / process could be performed in isolation or in a matrixed environment. Finally, the policy lifecycle will vary from organization to organization, and then from team to team.
As a result, in my case, to build the GRC platform, I would have to make sacrifices and calculate possible variations in process. Nonetheless, building a fluid platform that would accommodate everyone’s needs is a task that is above my skillset.
So, to be able to accomplish the result, I have to scope it down. I will have another post regarding the scope.