Governance, risk, and compliance (GRC) is a term that refers to an organization's approach across these three practices: governance, risk management, and compliance with regulations. Governance is the system of rules that guides a business, risk management is the process of identifying and reducing potential dangers, and compliance is the processes an organization has in place to ensure it is following relevant regulations.
GRC is sometimes used to describe legal roles and can encompass security and internal controls.