EDUCAUSE IT Governance, Risk, and Compliance Program
Governance, risk, and compliance (GRC) issues increasingly pervade higher education information technology. As institutional investment in IT and reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure.
IT GRC programs develop a framework for the leadership, organization, and operation of an institution's IT programs. This framework can be used by IT staff to ensure that their programs support and enable the institution's strategic objectives. The EDUCAUSE IT GRC program provides resources that help you define and implement IT GRC activities on your own campus.
A member advisory board, member working groups, and representatives from complementary organizations advise EDUCAUSE in the development of best practices, toolkits, and case studies. EDUCAUSE-conducted research will benchmark how higher education institutions are currently approaching IT GRC practices. New resources will be added to this page as they are developed.
To learn more or to contribute to the higher education IT GRC body of knowledge, contact us at GRC@educause.edu.
- Leveraging Enterprise Risk Management: Opportunity for Greater Relevance, EDUCAUSE Review, December 6, 2013. Even though enterprise risk management (ERM) engages the entire higher education institution, IT organizations have an opportunity to use ERM to move beyond a services function toward providing strategic value to the institution.
- Learning While Doing: Two Institutions’ Practical IT Risk Management Experiences, ECAR Research Bulletin, July 29, 2013.
- Top-10 IT Issues, Policy Implications, and Managing Risk, EDUCAUSE Blog, June 24, 2013.
- IT Risk Management: Try This Exercise at Your Institution, EDUCAUSE Review Online, June 30, 2013.
- IT Risk Management Poll Results, April 2013.
- Managing IT Risk in Higher Education: A Methodology, ECAR Research Bulletin, March 18, 2008.
- Governance, Risk, and Compliance: Why Now? EDUCAUSE Review, December 6, 2013. Governance, risk, and compliance (GRC) programs intend to develop a framework for the leadership, organization, and operation of the institution's IT areas to ensure that those areas support and enable the institution's strategic objectives.
- Speaking the Same Language: Building a Data Governance Program for Institutional Impact, EDUCAUSE Review, December 6, 2013.
- Starting the Conversation: University-wide Research Data Management Policy, EDUCAUSE Review, December 6, 2013.
- Boston University Information Services and Technology Governance Model, October 10, 2013.
- Making the Case for the Information Strategy, ECAR Bulletin, September 6, 2011.
- Leading the Higher Education IT Organization: Six Building Blocks of Success, EDUCAUSE Review, May 31, 2011.
- Making IT Governance Work, ECAR Bulletin, October 5, 2010.
- Decentralized IT Governance and Policy in Higher Education, ECAR Research Bulletin, March 10, 2009.
- Process and Politics: IT Governance in Higher Education, ECAR Research Report, July 21, 2008.
- Queensland University of Technology: Three Generations of IT Governance (and Counting), ECAR Case Study, July 25, 2008.
- Reforming IT Governance at Berkeley: Introducing an Enterprise Perspective to a Decentralized Organization, ECAR Case Study, July 25, 2008.
- From 2004 to 2012, IT governance appeared in various positions among the EDUCAUSE top ten issues: http://www.educause.edu/educause/visualizations/vis1/index.html
For additional resources, see the Library Items tab on the "IT Governance" page.
- Higher Education IT Compliance through the Prism of Risk Controls, EDUCAUSE Review, December 6, 2013. Only through collaborative compliance and risk discussions can appropriate decisions be made about both the everyday activities and the transformative new technologies that are or will be available to the higher education institution of 2020.
- Higher Education Information Security Council, Information Security Guide, Compliance Chapter, EDUCAUSE/Internet2
- Privacy, Security, and Compliance: Strange Bedfellows, or a Marriage Made in Heaven?, EDUCAUSE Review, January 28, 2013.
- The Policy Process Life Cycle, EDUCAUSE Review, March 20, 2009.
- Higher Education Compliance Alliance. Created by the National Association of College and University Attorneys (NACUA), in partnership with thirty other higher education associations, to provide the higher education community with a centralized repository of information and resources for compliance with federal laws and regulations.
For additional resources, see the Library Items tab on the "Compliance" page.
Library Items on this Topic
EDUCAUSE Library Items for Risk Management
- Disaster Recovery Preplanning: Decision Making for RTO and RPO
October 16, 2013
A session at the EDUCAUSE Annual Conference 2013
Senior executives are accountable to make decisions regarding institutional IT critical service recovery times and recovery points. Explore how to provide them with the information they need to mak…
- Hazards and Hurricanes: Hallmarks of IT Readiness, Response, and Recovery
October 14, 2008
This ECAR research bulletin provides five hallmarks for IT readiness, response, and recovery in the face of a devastating natural disaster. It is based on an ECAR interview with the deputy CIO of…
- Changing Ideas of Campus Disaster Recovery: Designing Resiliency into Systems
September 25, 2007
This ECAR research bulletin suggests a framework to provide resiliency in higher education by placing such considerations up front in the evaluation, selection, and design of information technolo…
- Business Continuity Certification in Higher Education
May 22, 2007
This research bulletin discusses the advantages, benefits, and costs of business continuity certification. Based on data from the 2007 ECAR study of business continuity in higher education, the D…
- Simple Things That Could Save Your Institution
April 24, 2007
In August 2006, EDUCAUSE brought together a group of thought leaders from higher education and the private sector to explore and share effective strategies and behaviors on the important topic of…
- Post-9/11 Emergency Response and Business Continuity Changes at Pace University and New York University
March 29, 2007
This case study investigates how two major New York City universities, Pace University and New York University, changed their business continuity, disaster recovery, and emergency response thinki…
- University of California, Davis: Creating an Institutional Framework for Business Continuity
March 29, 2007
This case study discusses the business continuity and disaster recovery activities of the University of California, Davis, Office of Administration, highlighting the implications of these activit…
- Shared Responsibility for Business Continuity: The Team Approach at UCLA
March 29, 2007
This case study examines how risk assessment and business impact analysis initiatives emerged and are moving to completion at UCLA, one of the largest and technologically most complex institution…
- Shelter from the Storm: IT and Business Continuity in Higher Education - Key Findings
March 29, 2007
This document presents the key findings of the 2007 ECAR study, Shelter from the Storm: IT and Business Continuity in Higher Education. The study looks at IT unit readiness to foster and support …
- Shelter from the Storm: IT and Business Continuity in Higher Education Roadmap
March 29, 2007
This roadmap synthesizes the important issues and recommended actions drawn from the 2007 ECAR study, Shelter from the Storm: IT and Business Continuity in Higher Education. The study looks at IT…