The GRC-GRID
The Governance, Risk Management and Compliance
Global Rules Information Database
The Governance, Risk Management and Compliance Roundtable (GRC-RT) is developing a Global Rules Information Database (GRC-GRID or GRID) as an open database of rules, regulations, standards, and government guidance documents that require IT action, together with a survey of the regulatory climate around the world. The goal of this project is to provide the de facto GRC reference guide for global IT and business managers. The initial development of the GRID is complete and is governed by the GRC-RT. The GRC-RT promotes its use, guides and implements its enhancement, and collaborates with rules-producing entities worldwide to oversee and automate data acquisition.
The GRC-GRID is searchable by vertical market and geography, enabling users to determine:
- Which rules apply to a particular firm
- What are the best practices for compliance with these rules
- What are the GRC-related ramifications of business initiatives involving new markets or geographies
The key to ensuring the success of this repository is to make it open, and to solicit input from users and vendors who would benefit from its creation, but who individually cannot afford the considerable expense. Much like the Oxford English Dictionary, which gathers definitions and usage of words from a global team of volunteers, the GRC-RT GRID team has a central development group that vets submissions from a wide-ranging team of contributors. The first release of the repository is focused on horizontal rules such as privacy, security and governance, and on issues specific to banking. It includes rules from the following countries:
- Argentina
- Australia
- Belgium
- Brazil
- Canada
- China
- Denmark
- France
- Germany
- Hong Kong
- India
- Italy
- Japan
- Luxembourg
- Mexico
- Netherlands
- Portugal
- Singapore
- South Korea
- Spain
- Sweden
- Switzerland
- United Kingdom
- USA
It also covers multi-national entities such as the European Union (EU). Eventually each geographic jurisdiction will have an overview of:
- Outsourcing Regulations / Principles / Guidelines
- IT Governance and Operational Risk (incl. IT risk) Management
- Data Privacy & Secrecy
- Spam
- Data Retention & Data Transfer
- Security & Safety of IT Systems and Infrastructure
- Business Resiliency (BCP/DRP)
- Electronic Surveillance & Monitoring
- Electronic Transactions & Digital Signatures
- Networks & Firewall Policies
The GRC-RT will soon offer limited GRID data and query capability to the public without charge, as a service primarily aimed at small user organizations. The GRC-RT currently has a membership program for vendors and end users providing unlimited access to GRID data and metadata. Sponsor members are granted a license to maintain a local copy of the GRID and are provided with a mechanism to keep the data/metadata synchronized with the public copy. This program is appropriate for firms that offer products and services in the governance, risk management and compliance (GRC) space, and for end user organizations with complex regulatory requirements.
GRC-RT members pay dues based on their annual revenue and level of membership. Members are encouraged to participate in the ongoing plans for the GRID as participants on the Advisory Committee, and to contribute relevant IP for inclusion in the GRID. In addition to GRC-GRID privileges, GRC-RT members receive a host of additional marketing, collaboration and administrative benefits.