Andrew on InfoSec GRC

GRC Platform Scope

Written by

Andrew Zancenko

in

Concentrate on the Information Security Space, or the Operational Risk at the most

  • Define Objects:
    • Organizations
    • Assets
    • Authority (like Regs, Frameworks)
    • Glossary
    • Data Classifications and Atributes
    • Documents (Policies etc)
    • Risks
    • Controls

  • Define Risk Management Capabilities
    • Issues and Actions
    • Initiatives
    • Objectives
    • Tasks
    • Assessments
      • Risks, Controls, Processes
    • Control Testing
    • Control Attestations
  • Reporting Capabilities
    • Reporting capabilities is a tricky subject in GRC. I can’t possibly complete with Reporting platforms. So it is best to integrate with existing BI platforms
  • Relational Capabilities
    • Allow to setup relations between Objects
    • Allow quickly navigating Relationships from within the object/record or outside
  • Setup options

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts