GRC Reference Architecture

New Overview Report from Kuppinger Cole available

Duesseldorf, October 14th, 2009 - Governance, Risk & Compliance: these three terms, "GRC" for short, are widely used these days. Unfortunately, there is great confusion about how the term is used. The reason for this confusion is, with high probability, that the label makes it easy to sell all kinds of technology under the umbrella of "Risk" and "Compliance" solutions.

The new report "A GRC Reference Architecture" aims to clarify the term GRC by defining a reference architecture: what exactly should be part of a GRC framework and how the different parts interact. It looks at GRC from a company-wide point of view, bringing together all activities that have an internal control nature, while staying focused on cost effectiveness and overall capability building.

"The architecture definition is driven by a central 'GRC' process with four major phases: Requirements Modeling, Status Investigation, Situation Improvement and Crisis & Incident Management," claims the author, Prof. Dr. Sachar Paulus. These phases are described in detail, including the technical and organizational options and recommendations that stem from the setup of the model.

This report lays the groundwork for subsequent research by KC analysts on the different products and solutions in the market, from the big software companies to niche players. "The product and market reports will use the reference architecture as a fundamental structuring element, to enable customers to immediately understand which value - and where - a certain 'Compliance' solution will bring them," adds Prof. Paulus.

Should you require a copy of the report for editorial reasons, please contact us. We request specimen copies of publications that refer to our reports and studies.