White Papers June 01, 2013

RSA GRC Reference Architecture

This paper is a primer on the RSA GRC Reference Architecture - a visual representation of the GRC framework needed within an organization to meet today's governance, risk and compliance needs. The architecture provides a starting vision of how an organization should view GRC, its guiding principles and its final objectives.


Governance, Risk and Compliance (GRC) represents a business-oriented approach to establishing ownership and accountability throughout the organization to improve decision making.

Governance is the act of directing, controlling and evaluating the culture, policies, processes, laws, and institutions that define the structure by which organizations are directed and managed.

Risk is the negative effect of uncertainty on achieving objectives; Risk Management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.

Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as organizational policies and procedures.

The RSA GRC Reference Architecture provides a simple illustration to bring context to the discussion. It can serve as a backdrop as an organization plans out its strategy and delivers the core value message to the executives, or simply as a method to start the dialogue. GRC is a complex topic, and while no illustration will completely sum up the many facets of the effort, the GRC Reference Architecture provides a foundation upon which to drive the conversation.