Embedded Files
GOVERNANCE, RISK & COMPLIANCE (GRC) FUNDAMENTALS
Overview
I executed a compliance audit of a home network using a structured checklist aligned to common best practices. I verified controls, gathered evidence, and produced an audit report with prioritized recommendations and a re-assessment date. (How to Perform a Compliance Audit)
Objectives
Define scope and objectives.
Validate controls across network, devices, accounts, and data protection.
Document compliance status and evidence.
Recommend corrective actions with owners and timelines.
Prerequisites
Access to the environment and devices
Google Sheets and Google Docs
Familiarity with control concepts and the checklist
Tools and technologies
Google Sheets and Google Docs
Device settings, router admin pages
Implementation
1. Prepare
Scope: router, laptop, smartphone, Internet of Things device.
Objectives: harden access, patch devices, improve monitoring.
Artifact: Audit Scope and Objectives document.
2. Use the checklist
Network security: encryption, firmware, password strength.
Device security: updates, anti-malware, encryption.
Access control: unique accounts, Multi-Factor Authentication.
Data protection and backup, incident response, Internet of Things practices.
Artifact: Completed checklist with Compliant, Non-Compliant, or Not Applicable and evidence.
3. Evaluate and document
Evidence table with control, status, screenshot reference, and risk level.
Highlight high risk non-compliance items.
4. Report
Executive summary, findings by domain, and corrective actions.
Re-assessment scheduled in three months.
5. Recommendations
Specific steps for each gap with links to settings and how-to steps.
Example: enable automatic updates on all devices and verify encryption on the laptop.
Outcomes
A clear picture of current control health.
A dated plan that addresses top risks first.
Skills demonstrated
Control testing and evidence collection
Report writing with prioritized recommendations
Google Sites
Report abuse