International Journal of Scientific Research in Network Security and Communication

  • Year: 2018
  • Volume: 6
  • Issue: 2

Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance

  • Author: Sanskriti Choubey1, Astitwa Bhargava2
  • Total Page Count: 4
  • DOI:
  • Page Number: 30 to 33

1Master of Science in Cyber Law and Information Security, National Law Institute University, Bhopal, India

2Rajeev Gandhi National Cyber Law Centre, National Law Institute University, Bhopal, India

Abstract

In organisations, ‘Governance’, ‘Risk’ and ‘Compliance’ (GRC) are among the basic and strongest pillars that work together to assure that organizations meet their objectives through effective utilization of the available people, processes and technology. It is a challenging task for most enterprises to sustain an Information Security GRC program amid evolving governance needs, a changing risk environment and multiple compliance requirements. ISO 27001:2013 encompasses all the goals of GRC under its Information Security Management System (ISMS) framework, through which an effective GRC framework can be established and maintained. In this research paper, the researchers establish the relationship between ISO 27001:2013 and GRC while discussing the standard along with GRC objectives.

Keywords

ISO/IEC 27001:2013, GRC, ISMS, Risk Management, IT Governance