GRC / ISO 38500 Consultancy

GRC is used as a term covering the governance, risk and compliance areas of corporate activities. It is aimed to make these areas of activity increasingly harmonious and integrated in order to increase corporate performance and improve the services offered to meet the needs of stakeholders. Implementing and integrating GRC in organizations requires a systematic approach to reliably achieve stakeholders' business objectives. These approaches are generally based on enablers such as principles, policies, models, frameworks and organizational structure.
‍
ISO 38500 standard is the ISO standard based on the GRC approach. This standard defines principles for efficient, effective and acceptable IT use for enterprise managers. The ISO 38500 standard is applied for the governance of management processes related to information and communication services. These processes can be controlled by IT experts, external service providers or business units.

The ISO 38500 standard defines 6 principles:
• Responsibility
• Strategy
• Acquisition
• Performance
• Compliance
• Human behavior
‍
ISO 38500 defines that managers should manage IT with 3 basic principles:
• Evaluate the current and future status of IT usage.
• Ensure the preparation and implementation of plans and policies for the use of IT to meet your business objectives.
• Monitor compliance with policies and performance of plans. BTYÖN provides solutions for designing, creating and improving GRC processes. BTYÖN provides training and consultancy support at every stage, from process design to software selection and dissemination of processes to relevant parties.