Download Publication
![Information Technology Governance, Risk and Compliance in Healthcare](https://cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NTM0MSwicHVyIjoiYmxvYl9pZCJ9fQ==--22e9812b2647c4fe819277c58433051cdd53b268/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJyZXNpemVfdG9fbGltaXQiOlsyMjUsMzAwXX0sInB1ciI6InZhcmlhdGlvbiJ9fQ==--ed3d8b3503f8660626bf50138e90f4b6f3228621/index.png)
Information Technology Governance, Risk and Compliance in Healthcare
Release Date: 10/15/2021
Working Group: Health Information Management
Information Technology (IT) Governance, Risk, and Compliance (GRC), are three words that have a significant impact on organizations. While each term seems straightforward, putting them together brings up a concept that is hard to understand and even harder to implement. Overall, GRC is the policies and procedures that manage the organization's process for aligning the management and control of information with business objectives, the organization's risk tolerance, and how they comply with regulations and manage risk. Defining each and then integrating them into one program gives the organization a structured process to ensure IT supports business objectives while managing risk and compliance. This paper will show how to create a program for each and then integrate them into one cohesive and effective program.
This is an old version of this publication. Find the most recent version here.
This is an old version of this publication. Find the most recent version here.
Download this Resource
Prefer to access this resource without an account? Download it now.
Related Resources
Acknowledgements
![Michael Roza](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6Mzc3NCwicHVyIjoiYmxvYl9pZCJ9fQ==--2ee3c93fe3c1fbe44c00209688a02592cb8f251c/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/roza.jpg)
Michael Roza
Risk, Control and Compliance Professional at EVC
Michael Roza
Risk, Control and Compliance Professional at EVC
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...
![Alex Kaluza](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTAzNzgsInB1ciI6ImJsb2JfaWQifX0=--29d0715c70ce16ed673ec323908db39ae230f8f9/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/alex_kaluza.jpg)
Alex Kaluza
Research Analyst, CSA
Alex Kaluza
Research Analyst, CSA
Are you a research volunteer? Request to have your profile displayed on the website here.