Governance, Risk & Compliance (GRC) Self-Assessment Checklist

About this resource

In a volatile business environment, managing risk and ensuring compliance are critical to staying stable and growing sustainably. This document is a self-assessment tool that lets organizations quickly gauge their maturity against the Governance, Risk, and Compliance (GRC) framework, focused on three pillars: - Governance: management mechanisms, decision-making processes, and accountability. - Risk Management: identifying, analyzing, assessing, and controlling risks that could affect business objectives. - Compliance: meeting legal requirements, industry regulations, internal standards, and other commitments.

Checklist

Get this resource

Fill in the form and we'll email the file to you.

Related resources

ChecklistVietnamese

[Checklist] 100 Security Questions for Small and Medium Businesses

SMEs are frequent targets of ransomware and data-theft attacks, often with more severe consequences than large enterprises because they lack the resources to recover quickly. This 100-question checklist helps SMEs systematically audit their security posture across policy, infrastructure, and people, identify gaps, and put in place the controls needed to reduce the risk of compromise.

ChecklistVietnamese

[Checklist] Personnel Controls to Prevent Data Leakage

Insider activity is one of the leading causes of data-leak incidents — through privilege abuse, unauthorized copying, or employees taking data with them when they leave. This checklist helps organizations identify weaknesses in HR-related data governance, assess the current state, and put in place controls that prevent leaks from inside the organization. It's particularly relevant for businesses that collect, store, and process customer data — especially in finance, technology, real estate, and e-commerce — for HR, IT, and InfoSec teams that need to jointly build internal-control policies, and for organizations preparing to comply with Vietnam's Decree 13/2023/NĐ-CP on personal-data protection.

ChecklistVietnamese

Information Security Controls Checklist per ISO/IEC 27001:2022

Complying with international standards such as ISO/IEC 27001:2022 not only protects information assets comprehensively but also builds trust with customers and partners. This document provides a detailed list of information-security controls aligned with the 2022 revision of ISO/IEC 27001, enabling organizations to track, assess, and implement optimal security measures.