Managing GRC Content

October 28, 2015 by
Filed under: Compliance Management

The business of GRC is an amalgam of different solutions and different providers, each addressing different market needs. It's an illusion that any single party could ever cover all of the needs in GRC. The GRC market is simply too broad for that, with too many industry-specific angles and regional differences.

Different Regulations

An important part of the differences is in the content. Different regions, different industries, different legal company structures, and different company sizes all require different content. By that, I mean not only that risks and controls are (vastly) different, but also, and especially, that regulations differ tremendously. Being a US asset manager, a German insurance company, a French energy company, or an Australian telecom provider is vastly different in each case. Regulations are simply very specific.

At the process level, however, the commonalities are tremendous: risk assessments largely look the same across the board. KRI management is done in similar processes, incident management looks similar, and reporting is similar. Of course, at a detailed level the differences are quite substantial, but process-wise the commonalities are certainly there. This is precisely why a configurable GRC platform can most certainly be applied across industries, regions and company types. In fact, it greatly helps to leverage the process knowledge gained in one industry in another industry.

Content-Agnostic Strategy

This is dramatically different with content. Apart from some generic frameworks, all content is very (!) specific. These generic frameworks, like ISO 27002 in information security, are applied in many different industries because of the commonalities of the underlying subject (IT processes and assets in this case). But the vast majority of content, say 90%, needs to be country-specific, industry-specific and even company-specific.

The conclusion is that a leading GRC platform should have a content-agnostic strategy. And this is exactly what Nasdaq BWise does; we work with all leading content providers. And we're happy to work with the not (yet) leading providers as well. We need to; the global market is immensely diverse, and although customers may be in the same industry, every customer is unique.

Tags: Compliance
