Practical GRC: Where to Start When You Don’t Know Where to Start

Updated: November 15, 2022

Table of contents

When I started at deepwatch, it was a classic startup situation. We had an incredibly lean team and a disconnected and disorganized GRC approach. My biggest concern was what I could do quickly and what would provide us with the most value.

The specific task I was given? Finding a GRC tool that would serve deepwatch in multiple ways:

  • Build trust with customers
  • Create a connected, central repository of evidence and documentation
  • Mature our processes
  • Make our lives easier

We decided to partner with LogicGate, and our first step was combining everything into one (massive) standardized process. With everything interconnected and in the same place, we could perform the full scope of our audits (including SOC2 and PCI) easily, enabling us to secure big-ticket clients at a nearly 50% faster rate with greater efficiencies on the horizon.

Once that was in place, I expanded into other GRC areas, prioritizing the most business-critical initiatives first, and grew into six Risk Cloud Applications.

Looking back on our experience, I would recommend a few things to anyone looking to get started with a GRC program. My key takeaways:

  • Start small. Identify your most critical use cases and build from there. Think ahead and plan for scale when building out your program. For us, we believe our risk function is the most important part of our program, so we have built it out from there. 
  • Don’t reinvent the wheel. Utilize framework templates like the ones in the Risk Cloud Exchange, so you can get started quickly and easily. This helped us get started and scale up faster.  
  • A holistic approach is imperative. Having a connected system like Risk Cloud allows you to get real-time visibility into what your risk posture is. Because of this, we’re able to see what we need at any time instead of waiting until our next annual review.  

LogicGate has been a major partner since the beginning of our GRC journey, and they have supported us every step of the way. As we continue to expand and perfect our processes, I’m so thankful that we have LogicGate in our corner. 

Founded in 2015, deepwatch has been working to advance Security Operation Center operations for customers ranging from small to Fortune 500 companies. To learn more about deepwatch visit If you’d like to learn more about LogicGate’s holistic GRC platform, Risk Cloud, visit or request a demo

Practical GRC: Where to Start When You Don’t Know Where to Start was a client session during Agility 2021, Risk Reimagined. Matt Whitenett, Principal Compliance Analyst at deepwatch, joined David Goings, RVP of Sales at LogicGate, to discuss the benefits of having a fully integrated GRC solution and where to get started. 

Further Reading

GRC Insights Delivered to your Inbox