How to Solve the GRC Puzzle: A Roadmap Through the Noise
I remember sitting in security meetings at the very start of my career, feeling completely lost.
Nov 30
•
Aron Lange
A Smarter Way to Audit Personnel Security
Why you should audit the employee lifecycle and pull in some IT controls as well.
Nov 21
•
Aron Lange
It’s Just Paperwork, Right?
How to make sense of policies, standards, and procedures.
Nov 14
•
Aron Lange
What to Do When Auditors Ask for a Document That Isn't Required?
An auditor asks for a piece of paper, and your heart sinks. But what if they're wrong?
Nov 7
•
Aron Lange
October 2025
Why your SoA is NOT compliant!
As an auditor, I see the same mistake all the time. Here’s what the standard actually requires.
Oct 30
•
Aron Lange
The Missing Link in your Documentation
Discover the difference between processes and procedures.
Oct 24
•
Aron Lange
The New "Big Three": How ISO 27701:2025 Completes the Modern Governance Playbook
ISO/IEC 27701 was finally released!
Oct 16
•
Aron Lange
CMMC is Here - What's Next?
A guest article by Jacob Hill.
Oct 7
•
Aron Lange
September 2025
Farewell RMF, Hello CSRMC!
Today the U.S. Department of War (DoW) surprised us all.
Sep 25
•
Aron Lange
Requirements vs. Controls
Discover the critical difference between requirements and controls in GRC, and learn how to avoid costly audit mistakes that could impact your…
Sep 21
•
Aron Lange
Launch Alert: Free ISO 27001 Docs Now Live at GRC Lab!
Inside this Edition
Sep 11
•
Aron Lange
How to Stand Out by Combining ISO 27001 with Sector Specific Standards.
Discover how to elevate your information security strategy by strategically combining ISO 27001 with sector-specific standards to differentiate your…
Sep 4
•
Aron Lange