To GRC, or not to GRC? That is the question I posed to risk management & security professionals as I circumnavigated the globe over the past two months. Governance, Risk & Compliance (GRC) technology has matured greatly over the past decade, but the answers to my question point to some interesting gaps in GRC technology usage today.
My journey to find answers to my simple question took me to four corners of the world – North America, Latin America, Australia/New Zealand and Europe. It was in these regions that Gartner hosted its annual Security & Risk Management Summits and I had the privilege to speak to more than 700 IT leaders about GRC technology. Here’s a summary of the answers I received.
Not surprisingly, given over a decade of maturity, 54% of companies are using GRC technology. However, what is surprising is the fact that 75% of companies are not using technology to integrate GRC.
What does that mean? It means that an overwhelming number of companies today do not have a clear, comprehensive view of their operational/IT risks as well as a way to govern and comply with regulatory and industry mandates.
At this week’s Gartner US Symposium in Orlando, my fellow analysts unveiled this year’s annual CIO survey results that point to a need for more “platform thinking” in businesses. This is also true with GRC. A platform approach that will provide a comprehensive view of risk and compliance while allowing for the agility to integrate a diverse set of GRC technology tools is clearly needed now.