Selecting a Security, Risk, and Compliance Policy Framework

This IDC Perspective discusses both strategic and tactical issues that organizations must consider when selecting a security, risk, and compliance (SRC) policy framework, as well as how to make a well-informed, effective selection. A security, risk, and compliance policy framework is a structured set of policies, principles, and governance mechanisms that guide an organization in managing its information security, assessing and mitigating risks, and ensuring compliance with laws, regulations, and internal policies. They enable organizations to operate securely, responsibly, and strategically. They protect value, enhance performance, and build trust in both internal and external relationships."Considering both strategic and tactical issues helps ensure that the framework not only is aligned with long-term goals but also is practical to implement and maintain," says Erik Werson, adjunct research advisor for IDC's IT Executive Programs (IEP).