Whitepaper GRC

The recent ransomware hacks of the University of Maastricht and the Leeuwarden Hospital put – again – data security and privacy protection high on the social agenda. Cybercrime is a fact of live. And people accept drastic measures in case of an attack.

They did when both the University and the hospital rebuild their defense and took all their systems of the grid. But acceptance falls if public institutions do not live up to their imposed security standards. Left aside the cases of flagrant disrespect to act in accordance to a code of conduct or a set of legal norms. These incidents push institutions to explain how they comply to ‘external’ security norms. Are they in control over their security? Moreover, the call for reliability in public services fosters more openness and transparency.

This results in pressure on the reliability in processing and provision of information. Management is enforced to prove their compliance and to explain their being ‘in control’. The triad ‘Governance’, ‘Risk management’ and ‘Compliance’ (GRC) will not prevent incidents. It helps to face the challenges. It helps to prove commitment to quality of public services. And it helps to foster people’s trust in public institutions.