GRC application available in December

The signing is the result of a careful preparation and tendering process led by SURF. This started with drawing up a programme of requirements appropriate for the entire education sector, because in addition to higher education, secondary schools can also purchase the application via mbo-digitaal. The tendering procedure was published in June 2023 and the contract was provisionally awarded to TrustBound at the end of August. This was followed by a 'Proof of Concept' period, during which TrustBound demonstrated that its GRC application actually meets the programme of requirements.

What does the GRC application do?

GRC stands for Governance, Risk and Compliance. The primary purpose of a GRC application is to support the quality management process around information security and privacy. It helps to identify security risks and describe appropriate measures. This gives IBP officers and responsible managers and administrators an up-to-date picture of the institution's information security maturity so that they can focus on measures to mitigate risks. By introducing a uniform GRC application, institutions can work (together) more conveniently and learn from each other.

Available via SURF in December

SURF will now set up the GRC application as part of SURFaudit so that institutions can start using it in December. If you are interested in the application please contact SURF.