A Guide to Internal Governance, Risk, and Compliance
1 minute
Last Updated February 25, 2021
Governance, risk, and compliance (GRC) programs
Developing or maintaining your organization’s governance, risk and compliance (GRC) program can seem like a daunting task, but fortunately there are many free or low cost solutions to help your organization get, well, organized! GRC is a strategy for managing your organization’s overall governance, enterprise risk management and compliance with regulations. GRC is how your organization aligns IT with business objectives, while managing risk and meeting compliance requirements.
Recognized cybersecurity frameworks
Not even sure where to start? Take the free version of RealCISO, which is a self-assessment tool closely aligned with NIST Cybersecurity Framework (CSF).
- National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
- Center for Internet Security (CIS) Controls
- ISACA COBIT Framework
- ISACA CMMI Framework and Platform
- Health Insurance Portability and Accountability Act (HIPAA) Security Rule
- HIPAA Security Risk Assessment Tool
- Payment Card Industry (PCI) Data Security Standards (DSS)
- Available for download here
- Data Security Essentials Evaluation Tool for small merchants (free tool)
Data privacy frameworks and resources
- NIST Privacy Framework
- International Association of Privacy Professionals (IAPP)
- IAPP is the largest and most comprehensive global information privacy community and resource. The IAPP website provides solid free content and more robust content for members
