"These days, organizations are facing increasingly sophisticated information security attacks from multiple sources. At the same time, they're struggling to comply with a growing number of government and industry regulations, and they're facing pressure to put in place better corporate controls.
One way to address this group of challenges is with a relatively new concept that has a variety of definitions in the marketplace: governance, risk management and compliance (GRC) technology.
GRC software tools, those designed specifically for IT-related data (IT GRC) and broader enterprise issues (EGRC), first appeared about 10 years ago. The software is designed to automate GRC processes, enable companies to integrate and manage operations that are subject to regulation, and implement an organized approach to managing GRC-related activities.
Before a company gets involved with GRC software, its executives need to understand that the products are essentially designed to automate existing processes that should already be proven and effective. This is the single most critical success factor in building an effective GRC program. People first (buy-in), process second, and only then technology."