The GRC process begins by defining what compliance regulations your organization needs to address and which parts of your organization are impacted. This is, in essence, the compliance universe as it pertains to your organization.
The define stage includes the following key elements:
Develop and document a complete and thorough understanding of the external and internal compliance regulations you face.
Research the current compliance issues for businesses in your industry and determine whether problems in other industries are about to spread to yours.
Conduct a complete inventory of all aspects of your organization which may be impacted by the compliance regulations or issues.
