By Calvin Azuri
The latest version of the GRC Capability Model (“the Red Book”) from OCEG (Open Compliance and Ethics Group), a nonprofit think tank, has been enhanced with free open source standards that make it possible for organizations to improve the management of plans and actions that reduce risks and enhance performance and compliance.
In a release, OCEG Chair Scott L. Mitchell said that, “This update to the Red Book has benefitted from the input of hundreds of experts in the drafting of earlier versions, and from feedback provided by organizations that have applied it over the past eight years. With this revision, we clarify the integrated relationship between risk, compliance and performance management, and the governance, assurance and management of each.”
He added, “The free and open source nature of the Red Book sets it apart from many other standards, which must be purchased for each use, and we hope that this model will be considered and followed by other standard-issuing organizations.”
The OCEG Red Book has been made available for download, and hard copies or spreadsheet versions of the Red Book can also be picked up through the OCEG online store. Additionally, the GRC Assessment Toolkit, a companion resource, has also been made available at the store.
OCEG President Carole Switzer said that, “We have also provided an open source share and share alike license for the Red Book which allows anyone to use and build upon the Red Book with open source expansions. This means, for example, that a company may import the standards into any software solution they want to use, or may build training materials around the standards. Not only that, but anyone may download a copy of the Red Book for free from the OCEG website.”