SECURITY POLICY & STANDARDS

Publishing a policy and standards library depends on the communications tools available within an organization. Some organizations keep documents in Word format and publish them in PDF format. Other organizations use Governance, Risk, and Compliance (GRC), a class of software for supporting policy management and publication.

In addition to authoring documents, GRC software typically includes a comprehensive set of features and functionality, such as assessing the proper technical and nontechnical operation of controls, and mitigating/remediating areas where controls are lacking or not operating properly (governance).

Answer the following question(s):

  1. Why might an organization use the Word and PDF approach rather than GRC software, and vice versa?

Please use proper citations and references.
