Practical GRC: Where to Start When You Don’t Know Where to Start

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

When I started at deepwatch, it was a classic startup situation. We had an incredibly lean team and a disconnected and disorganized GRC approach. My biggest concern was what I could do quickly and what would provide us with the most value.

The specific task I was given? Finding a GRC tool that would serve deepwatch in multiple ways:

Build trust with customers Create a connected, central repository of evidence and documentation Mature our processes Make our lives easier

We decided to partner with LogicGate, and our first step was combining everything into one (massive) standardized process. With everything interconnected and in the same place, we could perform the full scope of our audits (including SOC2 and PCI) easily, enabling us to secure big-ticket clients at a nearly 50% faster rate with greater efficiencies on the horizon.

Once that was in place, I expanded into other GRC areas, prioritizing the most business-critical initiatives first, and grew into six Risk Cloud Applications.

Looking back

Read the article