Compliance Management

Learn how to do ISO 27001, PCI-DSS, NIST, SOC2 or any other compliance requirement with eramba

  • Episodes: 18
  • Duration: 5h 31m 16s
  • Languages: EN
Episode 2

Problems & Solutions

The key points are:

  • GRC (Governance, Risk, and Compliance) is a practice that every organization implements slightly differently, much as companies differ in how they approach sales or marketing.

  • In eramba, the core modules are risks, compliance management, and data privacy. These represent the "problems" that the organization needs to address.

  • The "solutions" in eramba are internal controls, policies, exceptions, and projects. These are used to address the problems identified in the core modules.

  • The first principle in eramba is to link the problems (risks, compliance requirements, data flows) to the solutions (controls, policies, exceptions, projects) that the organization has in place.

  • The second principle is the use of statuses to indicate whether the solutions are actually working as intended, such as whether policies have been reviewed, controls have been tested, and projects are on track.

  • The statuses are crucial because they provide visibility into whether the organization is truly addressing the problems it has identified, not just having solutions "on paper".