Is it just another acronym?
Perhaps, but this one might be the glue that binds a lot of other acronyms together.
Allow us to explain.
You see, GRC stands for Governance, Risk Management, and Compliance.
These three are interrelated and together aim to ensure that an organisation:
- achieves its objectives,
- addresses uncertainty, and
- acts with integrity.
Let’s dive a little bit deeper into each.
Governance, in essence, is the way in which an organisation is directed and controlled. This includes the culture, politics, processes, and laws that determine how a company should conduct itself.
Risk, on the other hand, is a possible event that could cause harm or loss, or make it harder to achieve organisational objectives.
Risk management, in turn, is therefore the practice of anticipating and managing the effect of uncertainty on those organisational objectives.
And lastly, Compliance refers to the adherence to mandated boundaries (laws and regulations) and voluntary boundaries (company policies, procedures, etc.).
In practice, establishing an Information-GRC culture in your organisation will not only support compliance with the various privacy and data protection laws such as PAIA (1), GDPR (2) and POPIA (3), but will also contribute considerably to improved decision-making, optimal IT investment, and reduced fragmentation among divisions and departments.
In short, a GRC culture and framework brings coherence to your business operations: it pulls both external laws and internal policies together.
Perhaps it’s time to relook POPIA through the lens of Information-GRC?
1. PAIA = Promotion of Access to Information Act
2. GDPR = General Data Protection Regulation (European Union)
3. POPIA = Protection of Personal Information Act