Governance, Risk and Compliance


Governance, Risk & Compliance (GRC) refers to the rules by which corporations operate.

GRC is a structured approach to aligning business objectives with technology while effectively managing risk and meeting compliance requirements.

A well-planned GRC strategy improves executive decision-making, enables better technology investments, eliminates data and systems silos, and reduces fragmentation among divisions and departments.

What is GRC?
Governance
Ensuring that organizational activities, such as managing operations, are aligned in a way that supports the organization's business goals.
Risk
Making sure that any risk (or opportunity) associated with organizational activities is identified and addressed in a way that supports the organization's business goals.

In the IT context, this means having a comprehensive IT risk management process that rolls into an organization's enterprise risk management function.
Compliance
Establishing that organizational activities are operated in a way that meets the laws and regulations affecting the organization.

In an IT context, this means making sure that systems, and the data they contain, are secured and used properly.


Why is GRC important to an organization?

A GRC program can be instituted to focus on any individual area within the enterprise. A fully integrated GRC program works across all areas of the enterprise using a single framework.

A fully integrated GRC program uses a single core set of control material that is mapped to all of the primary governance factors being monitored. Using a single framework also reduces the possibility of duplicated remedial actions.

When reviewed as individual GRC areas, the three most common individual headings are considered to be:

  • Financial GRC
  • IT GRC
  • Legal GRC

Key California Consumer Privacy Act Requirements

The goal of the CCPA is to enhance privacy rights and consumer protection for residents of California. It was inspired by the European General Data Protection Regulation (GDPR).

The CCPA takes effect on January 01, 2020; however, it is retroactive for one year.

Key areas of the CCPA cover:

  • Data inventory and mapping of in-scope personal data and instances of “selling” data
  • Individual rights to data access and erasure
  • Individual rights to opt out of data selling
  • Updating service-level agreements with third-party data processors, fulfillment centers and marketing companies
  • Remediation of information security gaps and system vulnerabilities, including strict notification requirements


Dark Rhino Security Compliance

Dark Rhino Security's team begins by focusing on common areas of concern (customer service, human resources, social media or IT). These initial investigations quickly expand into areas of public interaction within each business unit, and then into employee training and the current methods customers use to communicate with the business.