The new report "A GRC Reference Architecture" aims to clarify the term GRC by defining a reference architecture, what exactly should be part of a GRC framework and how the different parts interact.
Duesseldorf October, 14th, 2009 - Governance, Risk & Compliance - these three terms, in short "GRC" are pretty widely used in these days. Unfortunately, there is great confusion in how this term is used. The reason for this confusion is with high probability the fact that it allows to sell pretty easily all kind of technology under the umbrella of "Risk" and "Compliance" solutions.
The new report "A GRC Reference Architecture" aims to clarify the term GRC by defining a reference architecture, what exactly should be part of a GRC framework and how the different parts interact. It looks at GRC from a company-wide point of view, assembling all activities that have a certain internal control nature, yet focused on cost effectiveness and overall capability building.
"The architecture definition is driven by a central "GRC" process with four major phases: Requirements Modeling, Status Investigation, Situation Improvement and Crisis & Incident Management" claims the author, Prof. Dr. Sachar Paulus. These phases are described in detail, including the technical and organizational options and recommendations that stem from the setup of the model.
This report lays the ground for subsequent research by KC analysts on the different products and solutions in the market, from the big software companies to niche players. "The product and market reports will use the reference architecture as a fundamental structuring element, to enable customers to immediately understand which value - and where - a certain "Compliance" solution will bring them" adds Prof. Paulus.
Should you require a copy of the report for editorial reasons, please contact us. We request specimen copies of publications, which refer to our reports and studies.
Kuppinger Cole, founded in 2004, are the only European analyst group dedicated to provide expert advice on GRC, Identity and Access Management, IT security, Cloud Computing and other core IT issues as well as independent and critical evaluation of products and solutions in the realm of their research areas.
