All organizations must follow the rules. GRC or ‘governance, risk management and compliance’ is not exactly new. Businesses have always had to be aware of their approach to storing and maintaining records, processing data and information. But going beyond the legal importance of such things, GRC is also a collection of capabilities that enables a business to reliably achieve objectives, address uncertainty and act with integrity. It doesn’t just apply to information management, but stretches business-wide, and touches how finance, IT, HR and the executive board all work.
As the business landscape changes and evolves (with the help of technology and cloud computing) GRC and the way in which its components are managed must also evolve. We are in an era where cybercrime is at its most prevalent and with the upcoming rollout of the General Data Protection Regulation (GDPR), an organization’s priority should be focused on unifying its GRC processes.
Keeping up with the times
In recent years there have been many well-publicized cases of data breaches and big firms receiving fines for malpractice/failing audits. For example, the number of companies fined for data breaches doubled last year due to a crackdown by Britain’s privacy watchdog, the Information Commissioner’s Office. The increase in cautions by the watchdog comes in the wake of more cyberattacks and company failures to comply with data protection standards following a breach. This trend is set to continue with the arrival of the GDPR, which will hand individuals more power in how their personal data is managed by companies they deal with, and will compel organizations to reevaluate their ability to maintain good corporate management, identify risk and take measures to ensure conformity with laws and policies.
If your organization runs on SharePoint, GRC processes need to extend to the customized code your IT team have added to the platform. SharePoint often holds the entirety of a company’s data, is actively used by employees and external third parties every day, and has an ever-increasing volume of customizations available to add on. Therefore, your SharePoint environment needs a strict GRC process.
SharePoint is the bedrock of how companies operate and the customizations they use are an essential component of that. But it is also where risks of data breaches, non-compliance and poor governance can form and spread to every area of the business.
If we can tell anything from the cyberattacks of recent years, it’s that many organizations’ SharePoint GRC practices are perhaps not as precise as they need to be. Now is the time for you to make sure you have in place steadfast policies regarding the customizations you currently have, the ones you intend to implement and their associated level of risk.
Cybercrime is not a flash in the pan; rather, it could be considered the ‘new normal’. Damage costs related to cybercrime are set to reach $6 trillion annually by 2021. And as IBM’s CEO, Ginni Rometty, said in 2015: “Cybercrime is the greatest threat to every company in the world.”
Setting a GRC policy for your SharePoint platform
Poor SharePoint customization management can adversely affect the user experience of the platform, resulting in compliance mistakes, poor governance and higher risk. For example, employees may—with the best of intentions—introduce apps into SharePoint that may not be adequately tested, may not be safe or may defy your GRC policy.
For more complicated code customizations, it is highly advisable that you have in place a process that conforms to your company’s GRC policy. This should include:
- Performing checks on the quality of the code before it is added to your environment, for function and security
- Checking to ensure it runs smoothly in conjunction with other customizations
- Checking regularly to see that it still runs after updates are made
If you are customizing aspects of SharePoint Online, you need to ensure any updates Microsoft make don’t disturb how your customizations function.
A secure IT environment is the foundation on which all other secure and well-managed business processes can be built. And excellent business processes make implementing GRC processes and policies much easier and allow your business to run smoothly.
The power of third-party tools for custom code in SharePoint
The safest way of customizing SharePoint is to develop a consistent approach for testing the functionality and security of each code customization, while also following safe and secure processes when deciding which customizations can be introduced. This should be central to your organization’s GRC process.
This is where Rencore steps in – their Governance and Risk Prevention SharePoint customization solutions are tailor-made to fit seamlessly into your organization’s IT GRC plan, helping your organization create robust and water-tight SharePoint customizations.
As a result, your organization will have a strong IT GRC foundation that flexes with the latest updates, complementing your business-wide departments and completing your whole organization’s GRC policy. Don’t build a house of cards – build a sound organizational structure that stands the test of time.
Once implemented, Rencore’s solutions could potentially save your organization millions.
In the ever-evolving world of business and technology, theories and practices are always being challenged and improved. Keep an eye on where GRC might be heading in the future by reading up on Gartner’s Integrated Risk Management (IRM) Magic Quadrant.