GRC Practice Director, Alex Hollis, will be presenting at ISF’s Annual World Congress on Sunday, the 28th of October 2018 at 10:15 AM, in Room 5, Verona. His keynote session will center on ‘How To Integrate Business Risk and IT Risk’.
What does GRC mean to you?
Many governance, risk, and compliance (GRC) projects fail because they’re deployed to support a specific compliance need or to meet the requirements of a specific department.
Typically, organizations operate in terms of business GRC (EGRC), and IT GRC. EGRC is concerned with business processes, clients, and products. Its focus is on operational risk, considering the higher-level issues and calculating the effects of particular risks on the overall business, and attributing an ROI figure to those risks.
In contrast, IT GRC is device-led and focused solely on anything with an IP address, such as applications, data, software or hardware. It rarely considers the risk environment beyond those physical assets, with risks attributed directly to the assets themselves (e.g. a database).
The reality is that organizations require a comprehensive view across the entire business, which includes any external third parties.
By taking an integrated risk management (IRM) approach and connecting EGRC and IT GRC, you can start to have more joined-up, in-depth conversations about your organization, because you gain greater visibility of the relationship between the two. For example, if vulnerabilities in your IT infrastructure were to cause a web server to go down (IT GRC), that outage could impact your sales team, who would no longer be able to access their customer data (EGRC).
For years we have encouraged our customers to take an IRM approach, which integrates EGRC and IT GRC, because of the value you can derive from it, and the greater protection it affords an organization.
Now that GDPR is in effect, from a regulatory standpoint you have no option but to integrate the two: GDPR requires that you identify your information assets and the physical territories in which they sit, and it forces you to identify and consider your supply chain in its entirety.
Furthermore, business standards such as the ISO 27000 series will also require you to integrate your EGRC and IT GRC to demonstrate and maintain compliance.
Unable to attend in Verona? Don’t worry! On the 14th of November, 4 PM UK time, Alex will be presenting this talk on Bright Talk.
Attend the free webinar by registering here.
With over 16 years’ experience in IT, mobile technology and software development, Alex has spent the last seven years specializing in governance, risk, and compliance (GRC). After just six months in the industry, Alex received a platinum-level excellence award for his work around risk bow-tie modeling, Solvency 2 and Basel 3. Now focusing primarily on operational risk, Alex has analyzed, designed and implemented GRC technology and IRM solutions into 60 companies, including some of the largest and most complex environments. His experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services, and insurance. A keynote speaker at prestigious industry conferences, Alex is also currently writing a book on end-to-end GRC.
SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud connects the dots with integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.