The increasing complexity of Governance, Risk and Compliance (GRC) frameworks, including those for privacy, has driven the need to automate common GRC activities, including management, measurement and reporting.
Software tools for risk monitoring
Through software tools, organizations can align their specific risks, legal and regulatory requirements, compliance objectives and business strategies with their own business processes and controls, so that risk management and compliance activities are structured and comprehensive rather than left to chance.
Out-of-the-box GRC software can get an organization only so far; it is the customization and configuration of these tools that allow a specific organization to manage its own requirements and activities.
Common GRC activities suitable for technology enablement include:
- Risk identification and management
- Compliance requirement organization
- Mapping of controls and compliance requirements to specific business processes
- Incident management
- Dashboarding and reporting
Use of GRC tools can result in stronger GRC activities, reduced costs, more accurate reporting and a stronger regulatory compliance posture.
In 2010, more privacy offices will be using GRC tools to monitor controls and survey their organizations on specific areas of risk and compliance. As the use of GRC tools matures within the organization, more areas of privacy management will be monitored and, consequently, better reporting on progress and gaps will be generated.
As other groups within the organization that are tasked with elements of privacy management incorporate GRC tools into their operations, the privacy office's visibility further increases and its ability to react to specific challenges improves.
Ask yourself
As you consider integrating GRC tools into your privacy management efforts, have you:
- Identified areas for improving compliance and risk monitoring across critical operational areas?
- Considered how to harmonize GRC reporting and record keeping across operations and processes?