[Before] Third-Party Risk Management

I was going through ISO 27001 and COBIT to understand the Third-Party (or vendor) Risk Management process in detail. And though both frameworks provide enough guidance on ensuring proper due diligence on the vendors, I could not find any material on what happens before the vendors are onboarded – how does the Information…

A Beginner’s Guide to Information Security Frameworks

Checklists turn out…to be among the basic tools of the quality and productivity revolution in aviation, engineering, construction – in virtually every field combining high risk and complexity. Checklists seem lowly and simplistic, but they help fill in for the gaps in our brains and between our brains. – Atul Gawande

Just as checklists solve…

Lessons learnt from combining COBIT 5 & ITIL

In Summer ’18, I worked at PayPal and had first-hand experience of working with COBIT 5. Though it’s been ~7 years that I have been working in the GRC space and have worked on numerous projects that involved COBIT 5 guidance and principles, never once did I have the opportunity to initiate a project, understand what…