Compliance Research Group (CRG) has a singular mission - strategy and guidance to ease the cost and complexity of IT governance, risk and compliance (IT-GRC).
We only research issues and questions around IT-GRC strategy for solution providers and users. Our guidance helps
vendors to better understand the needs of the compliance marketplace. Our expertise helps users to deploy more efficient and effective
compliance programs.
IT-GRC Vendor Services
Large enterprises and mid-market companies are launching compliance and governance efforts, or investing to improve IT-GRC maturity. IT-GRC solutions are seeing double-digit growth, driven by users seeking to streamline management of compliance efforts. Compliance remains the top objective in spending for security controls.
Compliance Research Group helps GRC, security and IT vendors to increase their competitiveness and efficiency (Vendor Services). Competing in the IT- GRC tools and controls marketplace requires extensive knowledge of compliance and governance regulations combined with a broad understanding of user pain points and risk management processes. Add to this deep insight into the competitive landscape for product and service solutions, and the IT-GRC marketplace offers a unique challenge and opportunity, with its own requirements and value propositions.
End-User IT-GRC Services
IT-GRC for users is a confusing array of redundant regulations and overlapping guidance, with products and services claiming to ease the cost and complexity of the interminable compliance lifecycle. The compliance lifecycle of assessments, policies and procedures, controls, audits and remediation is a costly commitment for covered organizations wrestling with inadequate tools and incomplete processes. Meanwhile, compliance continues to be the chief driver of business security spending.
Compliance Research Group helps users struggling with IT-GRC issues to decipher regulations and make sound investments (User Services). An efficient and effective IT-GRC program means knowing what to do, and how to do it. It requires broad and deep knowledge of the regulatory environment, IT governance and processes, and management to sift through layers of confusing and conflicting information to reach the elusive goal of aligning GRC investment with business strategy. The business risk of investing too much in IT-GRC can be as high as the risk of under investing.
Original IT-GRC Research
We continually conduct original research into critical and timely IT-GRC topics, constantly adding pertinent quantitative and qualitative original research to our library (link her to IT-GRC Research page). CRG publishes illuminating reports and advisories for vendors of IT-GRC tools and controls, and users seeking to maximize their IT-GRC investment.
This article was originally written for and posted on The Compliance Authority. It is the first in a five part series looking at "Compliance in the Cloud" issues.
This article was originally written for and posted on The Compliance Authority. It is the first in a five part series looking at "Compliance in the Cloud" issues.
