Tagged: GRC
Governance, Risk, Compliance concepts and workflows
Pages with this tag
Operational landscape
Who does what work across the ontology ecosystem — institutions × components × resources. The combined view of effort, ownership, and sustainability.
Related tooling (GRC, audit, compliance, risk)
The landscape of tools the internal-audit, GRC/risk, compliance, and TPRM teams already use — and where Crosswalker fits among them. Not Crosswalker's own ecosystem; these are adjacent/related platforms across the same problem domains.
For GRC / risk (operational compliance)
How a GRC / information-security risk-management team uses Crosswalker — own the control + crosswalk spine, map controls to many frameworks at once, collect evidence once and reuse. This is Crosswalker's home turf (control-centric — operational/control compliance, distinct from regulatory compliance).
Unified risk model (for risk & GRC teams)
A recommended implementation for risk/GRC/audit/compliance teams — a shared data model (ontology) they operate on together, with CRI Profile as the authority-of-record and every other framework crosswalked to it. The "assess once, comply many" backbone Crosswalker (or any related tool) can implement. A domain-specific application, not a universal Crosswalker concept.
For GRC teams
How Crosswalker solves the evidence mapping problem — link your policies, audit findings, and technical docs directly to framework controls with structured metadata.
Security & GRC framework corpus
A directory of the cybersecurity, information security, GRC, risk-management, internal-audit and regulatory-compliance frameworks worth crosswalking — each with a durable source link, license tier, and source-data status — plus how Crosswalker handles their licensing on the way from ingestion to mapping.
Registry
Organizations, standards, methodologies, and foundational publications that are cornerstones of the ontology lifecycle ecosystem — the stakes in the ground from decades of research that Crosswalker's architecture has to respect.
CRI
Cyber Risk Institute — publishes the CRI Profile for financial institution cybersecurity and resilience.
FFIEC
Federal Financial Institutions Examination Council — mandates cybersecurity assessments for US financial institutions.
SEC
Securities and Exchange Commission — mandates cyber risk disclosure for US public companies.