Governance, Risk, and Compliance (GRC)

Definition

An integrated discipline that combines governance structures, risk management processes, and compliance monitoring into a unified programme. GRC platforms and frameworks allow organisations to manage policy obligations, risk registers, and audit findings in a single view.

Related terms

CISO (Chief Information Security Officer)
The senior executive responsible for developing and maintaining the information security programme. The CISO reports to the board or a board committee...
Policy hierarchy
The layered document set that translates governance intent into operational requirements. Tiers typically run: information security policy, topic-specific policies, standards, procedures, and...
Risk appetite
The amount and type of risk an organisation is willing to accept in pursuit of its objectives, as defined by its governing...
Security governance
The set of structures, roles, policies, and accountability mechanisms by which an organisation directs, controls, and monitors its information security activities. Governance...
Three lines of defence
A governance model that separates security responsibility into three distinct layers: operational management that owns controls (first line), risk and compliance functions...

Explained in

  • Security Governance Frameworks Overview: An integrated discipline that combines governance structures, risk management processes, and compliance monitoring into a unified programme. GRC platforms and...