Provisions of the Bank of Russia;

[rakhirhif8963]

However, it is possible to note the growing need of the banking industry for GRC tools to minimize risks associated with information security (IS). In credit institutions, the presence of a centralized risk management system is mandatory (Bank of Russia Regulations 242-P, 346-P). Changes in regulatory legal acts (RLA) and standards in the field of IS occur regularly, according to many of which Companies must confirm compliance with legal requirements to regulatory authorities, for example:

Order of the FSTEC of Russia No. 21 in the field of personal data protection;
requirements for the organization and functioning of payment systems (Federal Law 161);
Bank of Russia standard STO BR IBBS;
Payment Card Industry Data Security Standard PCI DSS;
ISO/IEC 27001 information security standard.
It is obvious that GRC today is not just a macedonia mobile database term, and in Russian reality is a very real necessity.

Factors and Drivers for Implementing a GRC Solution
There are a number of prerequisites that cause a justified need for the implementation of GRC solutions in companies in our country. In large organizations, many departments are engaged in processing incidents, threats and risks under their jurisdiction, among which are financial, legal, reputational, regulatory, commercial, organizational and others.

Often this work is not automated, uncontrolled and is carried out on a residual basis. Many companies do not have a single automated risk management reporting platform.

From a corporate risk perspective, incident and threat management processes are characterized by low efficiency, high costs, and significant losses. Due to the lack of reliable risk information, this leads to difficulties in making management decisions, non-compliance with contractual obligations, missed project deadlines, and penalties.