With the compliance universe defined, the next step in the GRC process is to assess how well your current policy, strategy, processes, and technology meet your compliance requirements, and prioritize the risks of non-compliance.
The assess stage includes the following key elements:
Examine the elements in your compliance universe and determine how adequately they conform to compliance requirements.
Determine the gaps between the current and desired level of compliance and assess the risk to the organization for non-compliance.
Prioritize non-compliant elements in your universe to determine the most effective path towards compliance.
