Governance Risk & Compliance (GRC)

Every organizational business function and process is governed in some way to meet objectives. Each of these objectives has risks, as well as controls that increase the likelihood of success (or minimize the impact of failure). These are the fundamental concepts of GRC. To maximize business performance, GRC programs are designed to help companies avoid major disasters and minimize the impact when avoidance is unlikely.

Latest Research

  • For Security & Risk Professionals

    REPORT: The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2018

    The 14 Providers That Matter Most And How They Stack Up

    February 15, 2018 Renee Murphy, Claire O'Malley

    In our 23-criteria evaluation of governance, risk, and compliance (GRC) platforms, we identified the 14 most significant ones — ACL, Enablon, IBM, LogicManager, MetricStream, Nasdaq, NAVEX Global, Riskonnect, RSA, Rsam, SAI Global, SAP, ServiceNow, and Thomson Reuters — and researched, analyzed, and scored them. This report shows how each provider measures up and helps risk management professionals make the right choice.

  • For Security & Risk Professionals

    REPORT: Protect Your Executives From Cybercriminals, Fraudsters, And Themselves

    Key Steps To Shield Business Leaders From Cyberattacks, Social Engineering, And Virtual Imposters

    February 6, 2018 Stephanie Balaouras, Claire O'Malley, Heidi Shey

    Business executives are frequent, easy, and attractive targets for cybercriminals. In this report, we explain how cybercriminals and fraudsters target business leaders and how those executives' own activities can magnify the risk and the damage. Next, we outline best practices that security and risk (S&R) teams can use to educate and protect executives against these attacks and scams.

  • For B2C Marketing Professionals

    REPORT: The Capabilities Marketers Need To Build A Strategic Privacy Function

    Tools And Technology: The Customer Trust And Privacy Playbook

    February 5, 2018 Fatemeh Khatibloo, Alexander Spiliotes

    Managing customer privacy is increasingly critical to firms' ability to win, retain, and serve their customers. To help them meet customer and regulator expectations, B2C marketers and their peers are evaluating and adopting a range of contributing capabilities. This report reviews 17 capability categories that support marketers' privacy programs.

  • For Security & Risk Professionals

    REPORT: Harden Your Human Firewall

    Continuous Improvement: The S&R Practice Playbook

    February 2, 2018 Nick Hayes, Claire O'Malley

    Human mistakes can render even the most sophisticated technical security controls useless. However, you can reduce the inherent vulnerability of your workforce and even turn staff into a strong security asset. This requires more than just training and awareness; your focus should be effecting behavioral change. In this report, we share lessons from CISOs, training firms, and communications experts to describe an approach to reducing security risks with your firm's employees.

  • For Security & Risk Professionals

    REPORT: The State Of GDPR Readiness

    GDPR Readiness Progresses, But Strategies Depend Too Heavily On IT

    January 31, 2018 Enza Iannopollo

    With the deadline for GDPR compliance looming in May 2018, it's a good time for security and privacy professionals to take stock of how their readiness efforts and approaches compare to the rest of the industry. This data-driven report outlines the current state of compliance, trends by industry and geography, and key Forrester recommendations for moving your efforts forward.
