The ‘C’ in GRC: IT Compliance in dynamic times

9 min read

We’re back with the last installment of the GRC blog series. Last week, we talked specifically about IT Risk management. There are many places threats can come from – both internal and external – whether it’s a hacker infiltrating your systems or an innocent employee accidentally clicking on a suspect link in an email. Or it can be ‘risky’ customized code that isn’t secured well enough. Ensuring your business processes and IT infrastructure are secure is essential practice.

Most organizations must implement careful structures to make sure the way the business operates is both efficient and in keeping with industry rules and regulations. These business processes are handled in specific ways according to a Governance and Compliance strategy.

Typically, this will mean that the way you police your business is transparent and accountable; the way you manage and store your documents is in accordance with Compliance best practice; your IT Governance plans make sure your IT infrastructure is sustainable.

However, IT Compliance isn’t finished once you’ve designed a strategy, put it in place and flipped the switch. One of the key components of strong IT Compliance is the extent of your IT vigilance. This is, simply put, your ability to monitor the various IT platforms within your infrastructure and make sure that they remain compliant, coherent and functioning long term.

This can be more difficult than first imagined, depending on the size of your organization, your number of users and other, more technical, components. For instance, if you use a platform like SharePoint, you’ll likely have multiple customizations that have been added over time, along with several cloud add-ins that continue to build up, and you may be managing multiple iterations of SharePoint depending on the size of your business. This can make keeping a firm grip on your Compliance strategy a real struggle.

Good Compliance is good vigilance

Constantly monitoring your platforms to make sure they are compliant is a big job. Vigilance as a tool of management is defined as being watchful, staying alert, and acting cautiously when it comes to monitoring your internal operations. Vigilance in business administration is part of the strategy to deal effectively with cases of unfair practice, to detect irregularities, to understand why errors in process took place, and to enable corrective action as quickly as possible.

It’s the same when it comes to the vigilance surrounding your IT environment. Monitoring your platforms and how they are being used is essential to making sure they remain secure, that your processes remain optimally productive and you are ready if things go wrong. Monitoring is one of the most effective methods when it comes to making sure your IT infrastructure is doing everything it’s supposed to as well as protecting it from sophisticated cyberattacks. Identifying and tracking users means you can understand where mistakes or oversights happen. What’s more, if there are intentional threats, monitoring means they can be caught before they can do too much damage.

Why is vigilance an important part of IT compliance?

No matter how secure your IT environment is, there are certain risks that you implicitly face:

  • External threats
  • Internal threats
  • Changes to your IT

Monitoring changes to IT

Collaborative platforms like SharePoint are central to your business processes, but with such great potential for productivity come issues around Compliance and IT security. That’s why a good Governance plan can prevent problems before they arise. Today, the issue is having a Governance plan that’s as dynamic as the IT environment that it seeks to protect.

The recent development of hybrid cloud environments, mobile working, and the increase in devices employees are working with, along with the large influx of data and information they are collecting, means the traditional manner of Governance must be updated and adapted. A large part of this is the process of monitoring the changes in the system and their effect on employees as they carry out their work.

Monitoring your SharePoint customizations

One of SharePoint’s great benefits is its malleability. You can build tools in SharePoint to help your employees in the specific way they want to get their jobs done. This flexibility breathes greater efficiency into your processes and is one of the reasons why SharePoint is one of Microsoft’s most popular products ever.

However, this also proves to be a challenge for IT Compliance. Often, the changes made and tools built in SharePoint are customizations, and they need to be treated with their own Governance and Compliance process. There are inherent risks whenever customizations are introduced into an IT environment:

  • Unsafe customizations can be a security issue
  • Locating all customizations in large environments can be close to impossible
  • Customizations may at first be safe, but after updates to other tools they could stop working or represent a risk at a later time

Each of these reasons supports the case that a Compliance strategy is essential, and part of that strategy must include an aspect of IT vigilance. Monitoring changes to IT, including SharePoint customizations, and how they impact your processes is the best way to make sure you don’t fall foul of broken workflows, barriers to productivity and, worse, security risks.

It is at this very foundation that Rencore’s Governance and Risk Prevention solutions help support and strengthen each phase of your organization’s GRC approach. The automated functionality monitors your SharePoint customizations against a Governance plan, flagging any customizations that violate the rules put in place and could put your infrastructure and organization at Risk. This cycle assures that everyone stays Compliant.

Don’t build a house of cards – build a sound organizational structure that stands the test of time.

Once implemented, Rencore’s solutions could potentially save your organization millions.


In the ever-evolving world of business and technology, theories and practices are always being challenged and improved. Keep an eye on where GRC might be heading in the future by reading up on Gartner’s Integrated Risk Management (IRM) Magic Quadrant.

