This section provides links for Governance, Risk and Compliance related bodies that can help your organizational maintain compliance and alleviate risk:
The IT GRC Forum welcomes your suggestions for more listings. Please send your suggestions to This email address is being protected from spambots. You need JavaScript enabled to view it.
Gain free membership to the IT GRC Forum. Members have the facility to share best practices and network with peers in the members forum, and gain access to market intelligence in the form of Analyst Research and vendor Whitepapers, Case Studies and Media Presentations. Read More
Improve your knowledge base and Identify the best IT Solutions through our eMedia Centre.
Please click on the links below to access our educational archive: The IT GRC Forum publishes topical media from leading Solution Providers. There is no cost for submission however all documents will be reviewed pending publication. Please send documents to This email address is being protected from spambots. You need JavaScript enabled to view it..
Gain market intelligence and identify IT Solutions:
Welcome to the Learning Management System! Apart from accessing all your e-learning courses, you can communicate with your training manager, tutor or other learners using chat, messaging services or discussion board, check your progress, maintain an events calendar, take notes and do a lot more. Click Here for access.
Links for Governance, Risk and Compliance related bodies that can help your organizational maintain compliance and alleviate risk:
WDPA
World Data Protection Authorities
Links to Government authorities that implement and monitor local and regional data protection and privacy regulations.
Bank for International Settlements
GASB
Government Accounting Standards Board
The GASB establishes and improves standards of state and local government accounting and financial reporting.
Federal Reserve
FASB
Financial Accounting Standards Board
The Financial Accounting Standards Board (FASB) is the designated organization in the private sector in the United States for establishing standards of financial accounting and reporting.
FERC
U.S. Federal Energy Regulatory Commission
The Federal Energy Regulatory Commission, or FERC, is an independent agency that regulates the interstate transmission of electricity, natural gas, and oil.
FinCEN Financial Crimes Enforcement Network
The U.S. Department of the Treasury established the Financial Crimes Enforcement Network in 1990 to provide a government-wide multisource financial intelligence and analysis network. The organization's operation was broadened in 1994 to include regulatory responsibilities for administering the Bank Secrecy Act, one of the nation's most potent weapons for preventing corruption of the U.S. financial system.
FISMA
Federal Information Security Management Act
The Federal Information Security Management Act is designed to protect critical information infrastructure.
Board of Governors of the Federal Reserve System
GASB
Government Accounting Standards Board
The mission of the Governmental Accounting Standards Board is to establish and improve standards of state and local governmental accounting and financial reporting.
HIPAA
U.S. Dept. of Health & Human Services - HIPAA Regulations and Guidance
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data.
NERC
North American Electric Reliability Council
NERC's mission is to ensure that the bulk electric system in North America is reliable, adequate and secure.
OCC
Office of the Comptroller of the Currency
The U.S. Office of the Comptroller of the Currency (OCC) charters, regulates, and supervises all national banks. It also supervises the federal branches and agencies of foreign banks.
OTS
Office of Thrift Supervision
The Office of Thrift Supervision (OTS) is the primary federal regulator of federally-chartered and state-chartered savings associations, their subsidiaries, and their registered savings and loan holding companies.
PCAOB
Public Company Accounting Oversight Board
The PCAOB is a private-sector, non-profit corporation that oversees the activities of auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.
SEC
U.S. Securities and Exchange Commission - SOX
The mission of the U.S. Securities and Exchange Commission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.
US Department of Treasury
The Department of the Treasury's mission highlights its role as the steward of U.S. economic and financial systems, and as an influential participant in the global economy. Serve the American people and strengthen national security by managing the U.S. Government's finances effectively, promoting economic growth and stability, and ensuring the safety, soundness, and security of the U.S. and international financial systems.
CIS
Center for Internet Security
The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors.
COBiT
more information>
CobIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and practices for IT control throughout organizations.
GAGAS
Government Auditing Standards (the "Yellow Book") contains standards for audits of government organizations, programs, activities, and functions, and of government assistance received by contractors, nonprofit organizations, and other nongovernment organizations.
Guide to Assessment of IT General Controls Scope based on Risk (GAIT)
more information>
The IIA's GAIT, focused principally on Sarbanes Oxley, provides guidance to appropriately identify and link COSO constructs of internal control objectives, with assertions, risks and controls, to enable audit and IT practitioners to reach well informed decisions on which controls to include and exclude.
Global Technology Audit Guide (GTAG)
more information>
Written for he chief audit executive, The IIA's GTAG publications provide guidance on information technology. Each guide addresses timely issues related to IT management, control or security.
ISO 17799
more information>
ISO is the developer of International Standards specifying requirements for state-of-the-art products, services, processes, materials and systems. ISO 17999 is focused on controls and practices for information security. Also visit the ISO 17799 Directory at http://www.27002.net/ (see ISO 27000)
ISO 27000 and ISO 27001
The ISO 27000 series of standards promise to cover a larger body of practice. Under way, these developments can be found at http://www.w3j.com/5/index.html. Information on ISO 27001 can be found at http://www.27001-online.com
ITIL
More information
IT Service Management standards from the Office of Government Commerce are focused on the strategic business value delivered by IT through high quality service.
NIST
NIST resources: Computer Security Resource Center
NIST resources: Rainbow Series
NIST's Computer Security Division conducts research, studies and advises agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems. NIST also develops standards, metrics, tests and validation programs and has long published guidance about secure IT development, usage, planning, implementation, management and operation.
SCCE
SCCE exists to champion ethical practice and compliance standards in all organizations and to provide the necessary resources for compliance professionals and others who share these principles.
The Society of Corporate Compliance & Ethics (SCCE) is dedicated to improving the quality of corporate governance, compliance and ethics
OCEG
OCEG is a non-profit organization that has a straightforward , ambitious and timely mission: to help organizations align their governance. compliance and risk management activities to drive business performance and promote integrity.
GAO
The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO investigates how the federal government spends taxpayer dollars.
ISACA
ISACA got its start in 1967, when a small group of individuals with similar jobs-auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations-sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.
ITPolicyCompliance.com
The ITpolicycompliance.com web site is dedicated to promoting the development of research and information that will help IT security professionals meet the policy and regulatory compliance goals of their organizations. Specifically, this site focuses on assisting organizations to improve compliance results by providing reports based on primary research as well as other related information and resources.
AAA
American Accounting Association
The American Accounting Association promotes worldwide accounting education, research and practice. The Association is a voluntary organization of persons interested in accounting education and research.
ABA
American Bankers Association - Center for Regulatory Compliance
ABA's Center for Regulatory Compliance is a gateway to support for meeting the challenges of managing compliance risk. It provides direct access to regulatory expertise, up-to-date reports on agency initiatives, and the resources to assist organizations in keeping pace with the demands of supervisory oversight.
AGA
Association of Government Accountants
The Association of Government Accountants is dedicated to the enhancement of public financial management. AGA serves the professional interests of financial managers, from local, state and federal governments, as well as public accounting firms, responsible for effectively using billions of dollars and other monetary resources every day.
AICPA
American Institute of Certified Public Accountants
The American Institute of Certified Public Accountants is a U.S. professional organization for Certified Public Accountants. Its mission is to provide members with the resources, information, and leadership that enable them to provide valuable services in the highest professional manner to benefit the public as well as employers and clients.
Basel II CPA
Basel II Compliance Professionals Association
Basel II is the second Basel Accord. It contains recommendations by bank supervisors and central bankers from the 13 countries making up the Basel Committee on Banking Supervision to revise the international standards for measuring the adequacy of a bank's capital. It was created to promote greater consistency in the way banks and banking regulators approach risk management across national borders.
COSO
Committee of Sponsoring Organizations of the Treadway Commission
COSO is an independent private sector initiative which studies the causal factors that can lead to fraudulent financial reporting and develops recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.
CSI
Computer Security Institute
The Computer Security Institute (CSI) is a membership organization specifically dedicated to serving and training the information, computer and network security professional. CSI delivers education and aggressively advocates the critical importance of protecting information assets. CSI sponsors two conferences annually, targeted at those entering the field, as well as to experienced practioners. CSI also publishes the annual CSI/FBI Computer Crime and Security Survey.
FASB
Financial Accounting Standards Board
The Financial Accounting Standards Board is the designated organization in the U.S. for establishing standards of financial accounting and reporting. Those standards govern the preparation of financial reports and are officially recognized as authoritative by the Securities and Exchange Commission and the American Institute of Certified Public Accountants. The standards are considered essential to the efficient functioning of the economy because investors, creditors, auditors, and others rely on credible, transparent and comparable financial information.
FEI
Financial Executives International
Financial Executives International (FEI) is an advocate for the views of corporate financial management. Its 15,000 members hold policy-making positions as chief financial officers, treasurers, and controllers. FEI enhances member professional development through peer networking, career planning services, conferences, publications, and special reports and research. Members participate in the activities of 86 chapters, 75 of which are in the United States and 11 in Canada.
HCCA
Health Care Compliance Association
HCCA champions ethical practices and compliance standards and provides the necessary resources for ethics and compliance professionals and others who share these principless.
The IIA
Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is an international professional association of more than 122,000 members with global headquarters in Altamonte Springs, Fla., United States. Throughout the world, The IIA delivers certification, education, research, and technological guidance for internal auditors.
IMA
Institute of Management Accountants
Founded in 1919, the IMA is a professional association devoted to management accounting, finance, and information management. The IMA has approximately 73,000 members consisting of corporate accountants and financial executives. In addition to many educational opportunities, the IMA offers the Certified Management Accountant (CMA) and Certified in Financial Management (CFM) programs for management accounting and financial management professionals and supports field-based research and analysis through its Foundation for Applied Research.
ISACA
Information Systems Audit and Control Association
ISACA delivers guidance for information governance, control, security and audit professionals. Its IS auditing and IS control standards are used by practitioners worldwide. Its research pinpoints professional issues challenging its constituents. Its Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 48,000 professionals. The Certified Information Security Manager (CISM) certification has been earned by more than 6,000 professionals.
ISSA
Information Systems Security Association
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
The IT Governance Institute is a research think tank delivering references on IT-enabled business systems governance for the global business community.
NALGA
National Association of Local Government Auditors
NALGA is a professional organization dedicated to improving local government auditing. The organization disseminates information and ideas about financial and performance auditing, provides training, and offers a national forum to discuss auditing issues.
NASACT
National Association of State Auditors, Comptrollers & Treasurers
The National Association of State Auditors, Comptrollers and Treasurers is an organization for state officials who deal with the financial management of state government. NASACT's membership is comprised of officials who have been elected or appointed to the office of state auditor, state comptroller or state treasurer in the fifty states, the District of Columbia, and U.S. territories.
NSA
National Security Agency - Central Security Service
NSA initiatives in enhancing software security cover both proprietary and open source software. NSA's work to enhance the security of software is motivated by one simple consideration: to give NSA's customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security.
SOXCPA
Sarbanes-Oxley Compliance Professionals Association
The Sarbanes Oxley Compliance Professionals Association provides compliance professionals with resources they need to better serve their organizations or clients, advance their careers, and reach a higher level of personal enrichment.