Foundations of Governance, Risk, and Compliance
Recommended experience
Skills you'll gain
- Auditing
- Risk Control
- Information Privacy
- Continuous Monitoring
- Document Management
- Enterprise Risk Management (ERM)
- Compliance Auditing
- Asset Protection
- Regulatory Compliance
- Security Controls
- Cyber Governance
- Risk Management
- Governance Risk Management and Compliance
- Risk Analysis
- Information Systems Security
- Compliance Management
- Scope Management
- Risk Management Framework
- Data Security
- Governance
Details to know
February 2026
8 assignments
There are 10 modules in this course
Effective implementation of governance, risk, and compliance (GRC) programs requires specific cybersecurity talent and leadership. GRC professionals must utilize frameworks and best practices to integrate security and privacy within organizational objectives, better enabling stakeholders to make informed decisions regarding data security, compliance, supply chain risk management, and more.
In this course, you will:
- Relate GRC principles, responsibilities, and activities to frameworks, regulations, and requirements.
- Identify the purpose, activities, and components of the scoping process.
- Connect requirements, policies, management practices, and system capabilities that influence controls decisions.
- Identify key steps and best practices for implementing security and privacy controls.
- Summarize elements and processes involved in the assessment and audit of controls.
- Consider the purpose and types of documentation and activities necessary to establish system compliance.
- Identify activities and roles necessary to ensure effective monitoring and maintenance of system compliance.

Who should take this course? IT, information security, and information assurance practitioners who have a need to understand or implement a comprehensive GRC program, including those in or pursuing the following positions:
- Cybersecurity Auditor
- Cybersecurity Compliance Officer
- GRC Architect
- GRC Manager
- Cybersecurity Risk & Compliance Project Manager
- Cybersecurity Risk & Controls Analyst
- Cybersecurity Third Party Risk Manager
- Enterprise Risk Manager
- GRC Analyst
- GRC Director
- Information Assurance Manager
What's included
1 video • Total 2 minutes
- Course Introduction • 2 minutes
Governance, risk, and compliance (GRC) encompasses the structured approach organizations follow to align IT and business strategies, manage risks effectively, and ensure organizational activities adhere to established regulations and standards.
What's included
7 videos, 1 assignment
7 videos • Total 25 minutes
- What GRC Really Does • 1 minute
- GRC Definitions • 4 minutes
- GRC Over the System's Life • 2 minutes
- GRC Frameworks • 6 minutes
- Frameworks in Action: The Hybrid Approach • 3 minutes
- Who Does What in GRC • 4 minutes
- Know Your Rules: A Global Regulatory Snapshot • 4 minutes
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
Scoping the system defines the boundaries and characteristics of the system that will be assessed and protected. It helps in identifying the system's assets, functions, interconnections, dependencies, area of operations, users, and stakeholders, as well as the applicable laws, regulations, policies, and standards that govern the system. Scoping of the system also helps to determine the level of risk that the system poses to the organization and its mission, and the level of effort and resources that will be required to manage the risk.
What's included
8 videos, 1 assignment
8 videos • Total 18 minutes
- Scope of the System • 1 minute
- System Scoping Process • 4 minutes
- System Description Elements • 2 minutes
- System Purpose and Functionality • 2 minutes
- Security Compliance Requirements • 1 minute
- The Scoping Challenge of Compliance Frameworks and Regulations • 3 minutes
- The Core Factors of Impact • 3 minutes
- Redefining Scope Example • 2 minutes
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
The selection and approval of controls requires an understanding of what a control is, what it is designed to do, and what policy decisions shape the controls environment. Controls decisions are shaped by a variety of influences, including statutory or regulatory obligations, organizational security or privacy policies, the organization's risk management practices, existing controls, system capabilities, and contractual requirements associated with the operation of the system.
What's included
9 videos, 1 assignment
9 videos • Total 23 minutes
- The Forces Shaping Your Security Controls • 3 minutes
- Understanding Control Baselines • 2 minutes
- The Architecture of Defense: Types and Categories of Controls • 7 minutes
- Leveraging Common Controls for Efficiency • 2 minutes
- Knowing When to Dig Deeper on Privacy • 2 minutes
- Why Detail Matters When Identifying Important Data • 2 minutes
- Availability: The System Owner's Accountability • 2 minutes
- The Shared Responsibility Model • 2 minutes
- Documenting Your Security Story in the System Security Plan • 1 minute
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
Security and privacy controls are the technical, administrative, and physical measures that an organization implements to protect its information systems and data from unauthorized access, use, disclosure, modification, or destruction. Control implementation and alignment helps an organization ensure the confidentiality, integrity, and availability of their information systems and data; reduce its exposure to threats and vulnerabilities; and demonstrate its adherence to relevant laws, regulations, and standards. It also enables the organization to communicate its security and privacy posture to its stakeholders, customers, and partners, and to build trust and reputation.
What's included
9 videos, 1 assignment
9 videos • Total 25 minutes
- Implementation of Security and Privacy Controls • 2 minutes
- Bringing Controls to Life: The Six Steps of Implementation • 4 minutes
- The Three Ways We Classify Controls • 4 minutes
- Compensating Controls: Why They're Needed (and When to Use Them) • 3 minutes
- Configuration Management: Keeping Things in Line • 4 minutes
- Documentation: Why We Write Everything Down • 2 minutes
- Dealing with Leftover Risk: The Residual Challenge • 2 minutes
- Keeping the Ship Steady: Reviews, Training, and Readiness • 3 minutes
- The Case of the Inconsistent Controls • 2 minutes
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
The term assessment generally implies a less formal assessment activity, while the term audit implies a more formal assessment typically done to show compliance to a particular standard. Across industries, the utilization of these terms can be inconsistent. The GRC professional should understand how the terms are employed within the context of a specific use case. Here "assessment" is used as a broad term that encompasses both general evaluations and the specific instances of audits.
What's included
9 videos, 1 assignment
9 videos • Total 22 minutes
- Assessment vs. Audit: Knowing the Difference • 2 minutes
- Getting Ready for the Assessment: The Plan • 2 minutes
- Scenario: The Tale of the Missing Sign-Off • 2 minutes
- Assessment Activities: How We Check the Controls • 2 minutes
- Proving Your Controls Actually Work • 3 minutes
- The Initial Report: What Did We Find? • 2 minutes
- Budget Battles: The Auditor as the Peacemaker • 3 minutes
- The POA&M: Your Security To-Do List • 3 minutes
- Delaying the Fix: Documenting a Phased Mitigation • 3 minutes
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
System compliance is the adherence of a system to the established standards, policies, and regulations that govern its operation, security, and performance. Documentation from security and privacy assessments after control implementation is reviewed to determine system compliance. These documents are analyzed against organizational risk strategy and risk assessments to determine residual risk compared to risk appetite. Once system compliance decisions are made and stakeholders acknowledge and agree on the risk treatment options, the system is authorized to operate and ready for production.
What's included
9 videos, 1 assignment
9 videos • Total 20 minutes
- System Compliance: The Final Go/No-Go Decision • 2 minutes
- Adherence to Standards, Policies, and Regulations • 1 minute
- The Compliance Documentation Package: Your Proof of Security • 2 minutes
- The Case of the Forgotten Keys • 3 minutes
- Risk Treatment • 2 minutes
- Accepting the Manageable Risk • 3 minutes
- Stakeholder Concurrence • 2 minutes
- The Authorizing Official • 2 minutes
- Announcing the Final Decision • 3 minutes
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
System compliance is not a one-time event. Compliance maintenance includes processes that ensure a system remains compliant throughout its life cycle and detects and resolves any compliance issues that may arise. It extends beyond periodic demonstration of compliance and involves a comprehensive approach to change management, ongoing activities, and system decommissioning with strict adherence to global and industry-specific frameworks.
What's included
8 videos, 1 assignment
8 videos • Total 20 minutes
- Keeping It Secure: Your Strategy for Continued Compliance • 3 minutes
- Keeping the Status Quo: Compliance Maintenance • 2 minutes
- Managing Change in the Security Evolution • 3 minutes
- Monitoring Changes: Staying on Track • 2 minutes
- Monitoring Strategies: Keeping an Eye on Everything • 2 minutes
- Ongoing Authorization • 3 minutes
- Adapting to the New Rules • 3 minutes
- All Systems Must Go • 2 minutes
1 assignment • Total 6 minutes
- End of Section Quiz • 6 minutes
ISC2 is the world's leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our certified members and associates are a force for good, safeguarding the way we live. Our certifications enable professionals to demonstrate their knowledge, skills, and abilities at every stage of their careers. Becoming a certified professional through the CGRC demonstrates to employers and peers that you have the knowledge and skills to integrate governance, risk management, and regulatory compliance within an organization. It shows that you are able to use various international frameworks to manage risk and authorize and maintain information systems. Official trainings, seminars, courseware, and self-study aids from ISC2 are available to help you get ready for the rigorous CGRC exam by reviewing relevant domains and topics. Whether you prefer self-paced, online instructor-led, or in-person classroom training, ISC2 has an option to fit your schedule and learning style.
What's included
1 video • Total 1 minute
- Course Conclusion • 1 minute
What's included
1 reading, 1 assignment
1 reading • Total 5 minutes
- Foundations of Governance, Risk, and Compliance (progression to CGRC) • 5 minutes
1 assignment • Total 40 minutes
- Foundations of Governance, Risk, and Compliance Final Assessment • 40 minutes
Frequently asked questions
To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you purchase a Certificate you get access to all course materials, including graded assignments. Upon completing the course, your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can't afford the enrollment fee. If financial aid or a scholarship is available for your learning program selection, you'll find a link to apply on the description page.
