GRC-Ready Metrics

GRC platforms are focused on efficiency. However, most GRC platforms offer no path to help a GRC customer advance towards maturity. The Digital Security Program (DSP) can rapidly advance an organization to a high Capability Maturity Model (CMM) level, since the DSP comes with metrics, including recommended Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).

Since a picture can be worth 1,000 words, the video to the right helps describe the methodology of how we developed the DSP so you can see examples of the hierarchy structure and overall flow of our documentation, including metrics.

Metrics: What Right Looks Like

The diagram shown below helps visualize the linkages in documentation that involve metrics:

  • CONTROL OBJECTIVES exist to support POLICIES

  • STANDARDS are written to support CONTROL OBJECTIVES

  • PROCEDURES are written to implement the requirements that STANDARDS establish

  • CONTROLS exist as a mechanism to assess/audit both the existence of PROCEDURES / STANDARDS and how well their capabilities are implemented and/or functioning

  • METRICS exist as a way to measure the performance of CONTROLS


© Compliance Forge, LLC (ComplianceForge). All Rights Reserved.

This website does not render professional services advice and is not a substitute for dedicated professional services. If you have compliance questions, you should consult a cybersecurity or privacy professional to discuss your specific needs. Compliance Forge, LLC (ComplianceForge) disclaims any liability whatsoever for any documentation, information, or other material which is or may become a part of the website. ComplianceForge does not warrant or guarantee that the information will not be offensive to any user. User is hereby put on notice that by accessing and using the website, user assumes the risk that the information and documentation contained in the web site may be offensive and/or may not meet the needs and requirements of the user. The entire risk as to the use of this website is assumed by the user.

ComplianceForge reserves the right to refuse service, in accordance with applicable statutory and regulatory parameters.
