
At The Identity Organisation, we're here to help!

Get in Touch With Us

We work closely with our clients to understand their goals and then help them develop their plans in accordance with their core requirements. Our success is our clients' success. Get in touch with us to uncover and deliver on opportunities that build lasting value.

How to find us

The Identity Organisation Ltd
Mercury House
19-21 Chapel Street, Marlow,
Bucks, SL7 2HN

Contact Details

+44 (0) 1628 308038
info@tidorg.com

Alternatively, fill in our contact form below and one of our consultants will be in touch.

Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

Here is where you can review our Privacy & GDPR Statement.

To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

GRC and Cyber Security Must Unite

GRC and Cyber Security

Governance, Risk, and Compliance (GRC) are necessary functions within enterprises, but businesses tend to structure and run them differently. For example, in some companies GRC operates as three separate, siloed functions. Other companies have a single GRC function staffed by GRC specialists, if not GRC-certified professionals.

Even when GRC operates as a combined organisation, cyber security, itself a risk function, tends to operate separately. One reason is that GRC functions are viewed as business functions, while cyber security is viewed as more of an IT (technology-oriented) function. However, as any cyber security incident demonstrates, the fallout from a risk event tends to hit more than one function at once.

Governance

Governance is often thought of as synonymous with data governance, but corporate governance carries a higher-level responsibility. Corporate governance balances the interests of various stakeholders and helps the company realise its strategic objectives through frameworks, rules, practices, processes and performance measurement, among other things.

In a data-centric context, governance helps ensure that only authorised parties have access to the data they wish to use. Data governance rules extend beyond compliance, since the use of data is also governed by laws and regulations.

Risk

Traditional risk functions have focused on financial risks. Typically, this function has worked closely with, if not reported to, the CFO. Financial risks take several forms, including vendor risks, business continuity risks and indemnification (insurance).

Traditional risk management can sometimes be at odds with other groups, particularly when it is viewed as an obstacle to innovation. It is therefore important to determine what an organisation's risk appetite is and to innovate within the scope of it. For example, Amazon has had some spectacular successes and failures because it was willing to take on significant risks to its bottom line, stock price and reputation.

Compliance

Compliance focuses on legal and regulatory compliance. This function must understand which outside rules the organisation must adhere to and translate those rules into practices and processes that ensure compliance.

Compliance is subject to audits, both internal and by third parties: these may be consulting firms verifying whether their clients' companies are compliant, or a regulatory auditor doing the same. The various audits tend not to be mutually exclusive undertakings, since the last thing a company wants is for a government auditor to discover a problem. If that happens, the company will likely be subject to regulatory fines and, if it is a public company, it will have to disclose the issue to shareholders. If the violation has also harmed customers (e.g., PII misuse), lawsuits could also result.

Today, compliance, like governance, is strongly associated with data, given the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). However, the compliance function is broader than that.

With thanks to Cyber Security Hub. The full story is here: https://www.cshub.com/executive-decisions/articles/grc-and-cyber-security-must-unite

Find out how The Identity Organisation can help you onboard Digital Identities, Avoid Fraud and Keep Data Secure with AcuantGo.

Introducing Acuant®GO: Why No Code IDV & Compliance Solutions are a Game Changer

PS: Don't like to click on redirected buttons? Cut and paste this link into your browser: https://mailchi.mp/8b5c8353e419/acuantgo-rfi
