Protect Your Organization with Improved Incident Response
A well-planned incident response capability can protect your organization from external and internal threats, no matter where work takes place.
The concept of Agile GRC has gained currency in cybersecurity and corporate governance circles over the last couple years. In this two-part blog series, we’ll unpack the meaning of Agile GRC, examine the attributes that Agile GRC technologies have in common, and provide a reference point for GRC tech buyers to consider. See Part II here.
Agile GRC has some disparate definitions. It has been described as everything from the logical marriage of needs and technology to a disruptive force in the world of governance, risk management, and compliance, destined to change the face of corporate governance forever.
If one thing is certain, it’s that risk and compliance managers need to know what it involves and what it means for them. So what is it really? Let’s dive in.
Agile GRC is a methodology to approach governance, risk, and compliance that helps companies manage their risk and compliance needs with speed and accuracy in the face of change and uncertainty. Like all approaches to GRC, Agile GRC’s chief aim is to protect the organization against risks, comply with regulations, and enable the company to make the right decisions. But it also bears a number of markings that separate it from its non-agile brethren.
“The reality is that GRC can be agile and not a behemoth of cost," says GRC Expert Michael Rasmussen in a recent blog post on the topic. "There are a range of solutions in the market that are highly agile with ease of configuration and adaptability."
Before we explore what sets agile solutions apart, it’s important to recognize that Agile GRC is a term of art. It isn’t the same thing as Agile, the project management methodology—though the two share a few characteristics, such as responsiveness, flexibility, and collaboration.
It’s also commonly defined by what it is not. Agile GRC is frequently held up as the antidote to legacy GRC solutions and the headaches they cause due to rigidity, implementation time, and expense. We’ll dig into that later in this post.
Agile GRC is loosely derived from Agile Software Development and the tenets found in the Agile Manifesto.
The tenets of agile development include prioritizing...
...individuals and interactions over processes and tools.
...working software over comprehensive documentation.
...customer collaboration over contract negotiation.
...responding to change over following a plan.
Applied to software, the Agile Manifesto also identifies 12 primary principles (found here) of agile development. While not every principle is a direct carryover, many have informed Agile GRC as a discipline. Some of these principles include:
Flexibility, the voice of the customer, and efficient collaboration are common threads that have obvious applications to GRC. With an Agile GRC approach, GRC practitioners are able to experiment and iterate on their ideas, and ultimately achieve the business goals they seek more quickly. In the next section, we’ll look at how that’s achieved.
What characteristics do Agile GRC solutions share that separate them from other options on the market? We’ve broken those down into a few core areas, listed below.
Agile GRC solutions are…
By facilitating transparency, completeness, and alignment with the company’s overall mission, these emerging technologies serve as enablers for Agile GRC to further change the way companies make decisions and help them fight another day.
A well-planned incident response capability can protect your organization from external and internal threats, no matter where work takes place.
Risk Cloud Exchange is an ecosystem that is designed to inspire your risk program in Risk Cloud by giving you that holistic look into the…
LogicGate CEO Matt Kunkel, discusses the 6 biggest GRC trends that you should be prepared for in 2021.