Governance, Risk and Compliance
Controls in the Governance, Risk and Compliance (GRC) domain.
Governance Program Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program.
Risk Management Program
Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks.
Organizational Policy Reviews
Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization.
Policy Exception Process
Establish and follow an approved exception process as mandated by the governance program whenever a deviation from an established policy occurs.
Information Security Program
Develop and implement an Information Security Program that includes programs for all relevant domains of the Cloud Controls Matrix (CCM).
Governance Responsibility Model
Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs.
Information System Regulatory Mapping
Identify and document all relevant standards, regulations, legal/contractual, and statutory requirements that apply to the organization.
Special Interest Groups
Establish and maintain contact with cloud-related special interest groups and other relevant entities in line with business context.