Overview
IT-GRC (IT Governance, Risk and Compliance) is the discipline that ensures IT decisions are accountable, IT risks are managed, and IT operations comply with relevant regulations and standards. IT-GRC professionals work at the intersection of technology, business, and regulatory environments.
What IT-GRC Covers
- IT Governance — frameworks (COBIT 2019, ISO/IEC 38500:2024), decision rights, committee structures, investment management
- IT Risk Management — risk identification and assessment (ISO 31000 process), quantification (FAIR), treatment, and ongoing monitoring
- IT Compliance — regulatory obligations (DORA, GDPR), framework compliance (ISO/IEC 27001, SOC 2, PCI DSS), audit management
- Service Management Governance — ITIL 4 / ITIL V5 governance practices, SLAs, change and incident governance
Key Certifications (2026)
| Certification | Issuer | Focus |
|---|---|---|
| CGEIT | ISACA | IT governance |
| CRISC | ISACA | IT risk management |
| CISA | ISACA | IS audit and control |
| CGRC | ISC2 | Governance, risk and compliance |
| AIGP | IAPP | AI governance |
Learning Path
Start at By Example — Beginner. No prior GRC experience required — if you have worked in a software team, you have already encountered most of the scenarios in this track.
See the full example list to browse all 85 scenarios before diving in.
Last updated May 20, 2026