7.5. IT GRC Principles

When you're designing an infrastructure or set of procedures to support and monitor IT compliance activities, you may want to keep a few principles in mind. Let's look at some of these principles.

7.5.1. Use Best Practices

A compliance audit can be a painful and expensive process. The definition of what constitutes adequate controls for a given regulation can be very subjective. This complicates compliance audits because they often involve discussions with auditors relating to the effectiveness of an organization's controls. Still, we encourage people to think of audits in a positive light, in that they help ensure that you're adequately managing risks.

One way to attempt to simplify these audits, as well as help ensure ...

Get Under Control: Governance Across the Enterprise now with the O’Reilly learning platform.