GRC Standards & Toolkits

Rooted in decades of experience, rigorously verified by experts.

OCEG invented GRC in 2003 and has spent over a decade perfecting the approach. With the help of a panel of over 100 experts, OCEG studied 250 organizations to document best practices in the GRC Capability Model (commonly called the OCEG Red Book).

Today, we have several standards that cover not only GRC but some of the topical areas to which GRC is applied.


Policy management standard

Your go-to policy management standard

Quickly learn, master, and apply the principles and practices you need to support your organization. Follow a proven blueprint to build your Policy Management Program.

Developed by the OCEG team and vetted by an international review board of policy management professionals, the Policy Management Capability Model is a definitive standard that can be used and updated by anyone for free.

Policy Management Capability Model

Free with Policy Management Pro

Visit our newest offering, Policy Management Pro, to get your copy and view our policy management training course.


Data privacy standard

Your go-to data privacy standard

Quickly learn, master, and apply the principles and practices you need to support your organization. Follow a proven blueprint to build your Data Privacy Program.

Developed by the OCEG team and vetted by an international review board of data privacy professionals, the Data Privacy Capability Model is a definitive standard that can be used and updated by anyone for free.

Data Privacy Capability Model

Free

Get your copy and put data privacy principles into practice.
