Governance, Risk and Compliance
Governance, Risk & Compliance (GRC) rules are the rules by which corporations operate.
GRC is a structured approach to aligning business objectives with technology while effectively managing risk and meeting compliance requirements.
A well-planned GRC strategy improves executive decision-making, allows for better-targeted technology investments, eliminates data and system silos, and reduces fragmentation among divisions and departments.
What is GRC?
- Governance: Ensuring organizational activities, such as managing operations, are aligned in a way that supports the organization's business goals.
- Risk: Making sure any risk (or opportunity) associated with organizational activities is identified and addressed in a way that supports the organization's business goals. In the IT context, this means having a comprehensive IT risk management process that rolls into the organization's enterprise risk management function.
- Compliance: Establishing that organizational activities are operated in a way that meets the laws and regulations impacting the organization. In an IT context, this means making sure that systems, and the data contained in those systems, are secured and used properly.
Why is GRC important to an organization?
A GRC program can be instituted to focus on any individual area within the enterprise. A fully integrated GRC is able to work across all areas of the enterprise using a single framework.
A fully integrated GRC uses a single core set of control material that is mapped to all of the primary governance factors being monitored. The use of a single framework also has the benefit of reducing the possibility of duplicated remedial actions.
When GRC is reviewed area by area, the three most common headings are considered to be:
- Financial GRC
- IT GRC
- Legal GRC
Key California Consumer Privacy Act Requirements
The goal of the CCPA is to enhance privacy rights and consumer protection for residents of California. It was inspired by the European Union's General Data Protection Regulation (GDPR).
The CCPA law takes effect on January 01, 2020. However, it is retroactive for one year.
Key areas of the CCPA cover:
- Data inventory and mapping of in-scope personal data and instances of “selling” data
- Individual rights to data access and erasure
- Individual rights to opt out of data selling
- Updating service-level agreements with third-party data processors, fulfillment centers and marketing companies
- Remediation of information security gaps and system vulnerabilities, including strict notification requirements
Dark Rhino Security Compliance
Dark Rhino Security's team begins by focusing on common areas of concern (customer service, human resources, social media or IT). These initial investigations quickly expand into the areas of public interaction within each business unit, and from there into employee training and the methods customers currently use to communicate with the business.