Amidst the alphabet soup of technical acronyms, API has been standing out recently. It has almost reached buzzword status. I think a lot of people have a vague idea that an API can be used to integrate data between applications, but what exactly is an API, and how are they used?
When it comes to regulations, industry standards and supporting controls, the only constant is change. Most organization have smart people and defined processes for managing change, but tracking the changes themselves—knowing what they are and how they impact the business—can be a massive headache.
If I showed you a picture of a Sasquatch or a unicorn, chances are you would be able to identify them almost immediately. That is to say that nearly everyone knows exactly what they are even though they haven’t been proven to exist. In most cases, the “Fully Integrated GRC Program” fits within the same category. Anyone that has been working in GRC recognizes the concept immediately, but chances are there’s no proof that integrated GRC is fully alive within the organization.