Governance, Risk and Compliance
A structured framework to manage risk and comply with standards and regulations
Overview
Information is the most valuable commodity to any organisation regardless of where they operate (defence, law enforcement, local & central government, industry, etc) and the demands to protect information assets is paramount in the face of ever-increasing and ever-changing threats from both within and without. While good cyber security hygiene will address some threats, it is only when an organisation implements a fully co-ordinated approach that threats are truly addressed and risks managed. Therefore, there is a clear need to implement supporting business-orientated frameworks or structures to further manage how all information assets are used, shared and protected.
Which is where Governance, Risk (management) and Compliance (GRC) comes in. Most organisations will already be familiar with this concept but may have taken a siloed or even unstructured approach for each activity with too much emphasis on one particular area. Here at Advent IM, we understand that GRC requires a coordinated approach that requires each element to be considered equally. For example, an effective risk management programme requires good governance structures to be in place and must also be aligned to the organisation’s compliance requirements.
So what is Governance, Risk and Compliance?
GRC can mean different things to different organisations but at Advent IM we summarise GRC as:
- Governance – The management system through which an organisation governs a particular aspect of its business (in this case security) using a combination of policies, procedures and processes. At the heart of which is a formal governance framework providing leadership, direction and a sense of purpose; dedicated roles with properly defined responsibilities; and, finally, accountability for security across the whole of the organisation.
- Risk – The consistent and repeatable processes through which an organisation identifies, analyses and manages/responds to risks that might positively or adversely impact the realisation of its business objectives. Responses typically depend on an organisation’s risk appetite and the potential gravity should the risk materialise.
- Compliance – Management processes that identify and enable compliance with all applicable laws, regulations, contracts and strategies and then assess compliance against such on a regular basis. Such activities may be determined by the organisation’s industry sector, its location or by its own risk management policies and processes.
As an established security consultancy, we have years of experience in providing GRC advice and guidance to UK and overseas organisations in line with best practice and as relevant to the sector/industry within which they operate.
Visit our Consultancy Homepage
Service Downloads
What our clients say
“Overall I was very happy with the system re-accreditation work carried out. Communication by Advent IM’s Consultant was excellent and he updated me on a regular basis on progress.”
Department of Justice NI
”
I have worked with Advent IM for some years now on a variety of projects and training courses. No matter which consultant I work with, they are all the same high quality experts but more importantly share the same passion and drive. Although several security consultancies can provide expert knowledge what makes Advent IM stand out is the approachable, pragmatic, realistic manner in which they look at risk management. That is rare and why they are now my go-to company for any IS related matters.”
West Midlands Police
“I have benefitted from Advent IM’s excellent understanding of Information Assurance in the round. This has been increasingly pertinent where data is being exchanged across physical, technical and geographic boundaries. Advent’s expertise in the area of ISO27000 series has shone through on this (as has their knowledge on other standards) and has been key in how risk management has been progressed.”
Department for Transport
“Overall, I found Advent to be a very professional outfit with a friendly and delivery focused approach, thereby allowing project challenges to be tackled together in an open and swift manner. I only have good things to say with regards to Advent and would not hesitate to work with them again or recommend them to another government organisation.”
Department for Work and Pensions