Glossary definition

GRC

GRC is governance, Risk, and Compliance, an integrated approach to managing organizational governance, risk identification and treatment, and regulatory compliance.

TPRM & GRC

Why It Matters

In security reviews

GRC programs produce the policies and controls that security answers are drawn from and define how vendor risk is governed.

Workflow Context

Where it shows up

Provides the policy and control framework underlying questionnaire answers and TPRM assessments.

Common Mistakes

What to avoid
  1. Treating grc as a universal term with no workflow context.

    Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.