Series Spotlight: Revolutionizing GRC with 6clicks: Part 3 - Curating and Maintaining Robust GRC Content


Manage episode 306880524 series 2394860
By Thomas Fox. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down 6ckicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining a robust GRC content, producing audit ready reports, and look at what’s next for 6clicks down the road. In Part 3, I am joined Stephen Walter to discuss curating and maintaining robust GRC content.

Walter said that for someone just starting out at a budding GRC program “navigating the complexities of achieving and maintaining, compliance within a number of regulations and or authorities can be quite daunting.” With all these regulatory compliance requirements, comes content needs. Curating the needed content which could be regulatory or compliance content or it could be as wide and as varied as “content assessments, audits, frameworks, best practice, risk libraries, policies, and control sets.” Providing and housing all of these can present some serious challenges. Next, overlay that content spread through different management systems like Google or SharePoint; together with mailboxes and, as Walter notes, “it really creates chaos. Next consider outdated regulations, leading to outdated risk management policies and other required internal content materials, can all equal noncompliance with the legislations.”

One interesting observation was that because risk and compliance has been elevated in organizations, right up to the Board agenda, these conversations are resonating with companies. This allows smaller companies to have more robust risk and compliance functions through the use of GRC tools and advisors. Walter is seeing much less of a top-down approach where unilateral decisions are made the top. It can now be a more bottom-up approach, democratizing the approach to risk and compliance and bringing in the people that are actually in the trenches to convey their message upward in the company as well. This can make the job of a GRC professional much easier with the wide variety of stakeholders involved, there is something for everyone. A GRC tool allows for the jettisoning of outdated methods and processes so a company can innovate itself into a better system.

Walter concluded with a few thoughts on the 6clicks content library, which he termed “massively rich.” It all begins with authority documents which are the standards, laws, and regulations. From there you move down to policies, which are the measures you put in place to mitigate risk or demonstrate compliance with the controls within them. Next these controls have responsibilities, such as “who does what, how often and when the control measures, which those responsibilities are maintain the effectiveness of that control.” Those are all there already inside the 6clicks content library and you can create your own.

Join us tomorrow where we take up the topic of producing audit-ready reports with 6clicks Pixel Perfect™, with 6clicks Chief Technology Officer, Dr. Heather Buker.

For more information on 6clicks, check out their website here.

350 episodes