The structure and governance of every organization is different and varies based on the type of organization. Each
organization has its own mission (business), size, industry, culture and legal regulations. However, all organizations
have a responsibility and duty to protect their assets and operations, including their IT infrastructure and information.
At the highest level, this is generally referred to as governance, risk management and compliance (GRC). Some
entities implement these three areas in an integrated manner, while others may have less comprehensive approaches.
Regardless of the actual implementation, every organization needs a plan to manage these three elements.