I need a little help: can you tell me the relationship or difference between IT-GRC and ISO 27001?
IT-GRC is all about an integrated approach towards Governance, Risk management and Compliance, whereas ISO 27001 talks about all the aspects like top management and Risk management etc. So my doubt is: why are organizations getting attracted towards the IT-GRC approach? What is the main difference between them?
From my point of view, the main difference is that IT-GRC is related to the governance of IT, which is not established in ISO 27001 (there is another standard for IT governance: ISO 38500). On the other hand, the common point between both is that they are related to risk management and to compliance with policies, procedures, laws and regulations.
Finally, the IT-GRC approach can be interesting for companies that want a framework related to the governance of IT, while ISO 27001 is for companies that want to implement and certify an Information Security Management System (you cannot certify IT-GRC).
By the way, do you know what the 6 basic steps in the ISO 27001 risk assessment & treatment are? Here you can see an interesting article, ISO 27001 risk assessment & treatment: 6 basic steps: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/