Governance, risk, and compliance (GRC) issues increasingly pervade higher education information technology. As institutional investment in IT and reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure.

IT GRC programs develop a framework for the leadership, organization, and operation of an institution's IT programs. This framework can be used by IT staff to ensure that their programs support and enable the institution's strategic objectives. The EDUCAUSE IT GRC program provides resources that help you define and implement IT GRC activities on your own campus.

Join the IT Governance, Risk, and Compliance Community Group, an EDUCAUSE e-mail discussion list


Recent Spotlight

  • EDUCAUSE QuickPoll Results: Risk, Privacy, and Compliance

    EDUCAUSE QuickPoll Results: Risk, Privacy, and Compliance

    At many institutions, the processes and lines of responsibility for risk, privacy, and compliance are not fully developed or settled, and the pandemic might prove an opportune time to devote energy to maturing these important areas.
  • Higher Education Community Vendor Assessment Toolkit

    Higher Education Community Vendor Assessment Toolkit

    The HECVAT is a questionnaire framework specifically designed for higher education to measure vendor risk. Before you purchase a third-party solution, ask the vendor to complete the HECVAT to confirm that the information, data, and cybersecurity policies are in place to protect your sensitive institutional information and constituents’ PII.

Browse Risk Management