Dos and don'ts for IT GRC success

Throwing tools at the problem won't get you anywhere. Experts provide IT GRC guidance for making your life simpler - not more complicated.

Special Report on GRCIT GRC tools: Control your environmenteGRC vs. IT GRC

See more in


DO agree on an IT-GRC implementation strategy. Moving disjointed, manual processes into an automated, centralized tool is an enormous undertaking. While a giant boa constrictor can unhinge its jaw and swallow a large mammal whole, that strategy is not advisable for your enterprise.

Choose a high-priority area for your initial implementation, preferably one that will produce a quick ROI. This will give you a record of success to build on and give you and the users a working knowledge of how to use the software, assess its value and share their knowledge with others. Take a top-down approach that will serve as a model as you expand, rather than a controls-centric tactic that won't scale well.

This first deployment should be initiated in the context of a larger plan for rolling out the IT GRC across the enterprise. After all, the goal is a centralized, automated, standards-based enterprisewide deployment.

To continue reading this article register now

How to choose a SIEM solution: 11 key features and considerations