Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is GRC?

Governance, risk and compliance (GRC) refers to a company’s strategy for managing their organization's overall governance, enterprise risk management and compliance with regulations.

Investing in governance, risk, and compliance at your company can have many benefits: better risk analysis, faster decision making, consistent communications, and more efficient risk mitigation across the business.


Using a GRC tool allows you to create and coordinate policies and controls and automatically monitor them, creating efficiencies across your compliance efforts.

{{cta_withimage8="/cta-modules"}}

Additional resources you might like:

Compliance
Blog
How to handle risk management under growing regulatory pressure: Best practices in 2026

Learn how to align risk management and regulations to navigate the business landscape.

Compliance
Blog
What Is a risk register? Best practices for keeping It actionable

Learn what a risk register is and how modern GRC teams should use it.

Compliance
Blog
What is Enterprise Risk Management (ERM)? Everything you need to know

Explore modern enterprise risk management (ERM) and what makes it a strategic business discipline

Additional resources you might like:

Compliance
Blog
How to handle risk management under growing regulatory pressure: Best practices in 2026

Learn how to align risk management and regulations to navigate the business landscape.

Compliance
Blog
What Is a risk register? Best practices for keeping It actionable

Learn what a risk register is and how modern GRC teams should use it.

Compliance
Blog
What is Enterprise Risk Management (ERM)? Everything you need to know

Explore modern enterprise risk management (ERM) and what makes it a strategic business discipline

Product updates
Blog
New in Vanta | June 2026

This past month, the Vanta team launched new features to help you configure risk scoring per register, manage risk registers through natural conversation with the Vanta Agent and MCP, and collaborate with vendors and internal teams directly inside TPRM assessments.

GRC
Events
What is GRC Engineering? A fresh take on an old space

Join Lovable and Vanta for an exclusive virtual event on what modern GRC actually looks like when it is done right.

GRC
Blog
Building a risk taxonomy: A guide to classifying risks

Learn how to classify and prioritize risks using a structured risk taxonomy.

GRC
Blog
Understanding inherent risk vs residual risk—and why the gap matters

Learn about inherent and residual risk beyond definitions and see how they influence decisions.

Security
Blog
The new supply chain blast radius

Modern supply chain incidents turn trusted software into a real-time vendor, identity, and access challenge. Continuous monitoring matters more than ever.

Compliance
Events
Agentic compliance in action with Vanta and Claude

Register to learn how Vanta's MCP Server brings your compliance program directly into Claude.