GRC Standards & Toolkits
Putting Principles into Practice® with Authoritative Standards
Rooted in decades of member experience, rigorously verified by experts.
-
GRC Capability Model 3.5
The GRC Capability Model (OCEG Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities in order to achieve Principled Performance. Available for free with our Basic Membership.
-
GRC Assessment Framework
The GRC Assessment Framework (OCEG Burgundy Book) provides audit and assurance professionals, as well as those overseeing GRC capabilities, with a common approach and set of assessment procedures to be used in reviewing GRC capabilities.
-
Audit & Assurance Fundamentals
Integrated Audit & Assurance Fundamentals standard is a collection of useful frameworks, models and methods to help every GRC Professional provide assurance.
-
Policy Management Capability Model
The Policy Management Capability Model helps GRC professionals elevate the way that policies are governed, planned, performed and measured.
-
Data Privacy Capability Model
The Integrated Data Privacy Capability Model establishes standards from which an organization may customize its approach to data privacy governance, management, and assurance.
-
Integrated Risk Management Framework
The Integrated Risk Management Framework provides an open-source, interdisciplinary standard for risk management professionals to be more effective and achieve principled performance.
-
Integrated Compliance & Ethics Framework
The Integrated Compliance and Ethics Framework provides an open source, interdisciplinary standard for compliance and ethics professionals to be more effective and achieve principled performance.
OCEG Red Book
What is it?
The GRC Capability Model is the core GRC standard that provides:
- Unified vocabulary across disciplines
- Defined common components and elements
- Defined common information requirements
- Standardized practices for things like policies and training
- Identified communication for everyone involved; including strategic decision-makers
Translations available
OCEG Burgundy Book
What is it?
The GRC Assessment Framework provides everything you need to assess or audit GRC Capabilities including:
- Helps organizations evaluate the design and operating effectiveness of their GRC capabilities
- Reduces the cost of such evaluations by eliminating the time and expense of creating procedures
- Provides standard methods for external judgment and recognition of sound practices
- Offers a review process that enables creation of prioritized improvement plans
- Raises the level of maturity and quality of GRC capabilities in all organization
Translations available
Your go-to policy management standard
Quickly learn, master, and apply the principles and practices you need to support your organization. Follow a proven blueprint to build your Policy Management Program.
Developed by the OCEG team and vetted by an international review board of policy management professionals, the Policy Management Capability Model is a definitive standard that can be used and updated by anyone for free.
Your go-to data privacy standard
Quickly learn, master, and apply the principles and practices you need to support your organization. Follow a proven blueprint to build your Data Privacy Program.
Developed by the OCEG team and vetted by an international review board of data privacy professionals, the Data Privacy Capability Model is a definitive standard that can be used by anyone within their organization.
