CapGRC
GRC Blog

GRC Articles & Analysis

Practical advice, regulatory analysis and expert guides for Canadian GRC professionals.

17 articles
6 domains covered
Regularly updated

Featured

Cybersecurity

Zero Trust: why zero-trust architecture is becoming essential in Canada

March 10, 2026 · 9 min

The traditional perimeter security model has reached its limits. With the proliferation of remote work, cloud services and third-party access, Canadian organizations must adopt a r


Recent articles

All articles (13)
DORA · February 15, 2026 · 10 min

DORA: how Canadian companies with European operations must prepare

The European DORA regulation came fully into force on January 17, 2025. Canadian financial institutions offering services in Europe or collaborating with European entities are dire

Risks · February 8, 2026 · 7 min

The 10 essential risk indicators for your CISO dashboard

An effective GRC dashboard is not measured by the number of indicators displayed, but by their relevance to decision-making. Here are the 10 KRIs that every CISO should monitor as

NIS2 · February 1, 2026 · 9 min

NIS2 and the Canadian public sector: anticipating new digital resilience requirements

The European NIS2 directive came into application in October 2024. Its implications affect Canadian organizations partnering with European entities in critical sectors.

Internal audit · January 25, 2026 · 11 min

Artificial intelligence and GRC internal audit: opportunities and risks for Canadian organizations

Artificial intelligence is profoundly transforming internal audit practices. AI tools enable analysis of massive data volumes and anomaly detection, but also introduce new risks.

Law 25 · January 15, 2025 · 12 min

Complete Guide to Law 25: Obligations and Compliance

Everything you need to know about Quebec's Law 25: obligations, timelines and practical steps to bring your organization into compliance.

Risk management · January 28, 2025 · 8 min

How to Conduct a Risk Assessment for an SME

Practical method to identify, assess and treat security risks in a small or medium-sized enterprise.

Privacy · February 10, 2025 · 10 min

DPIA: Practical Guide for Privacy Officers

How to conduct a Privacy Impact Assessment compliant with Law 25, step by step.

Audit · February 20, 2025 · 7 min

5 Common Mistakes in GRC Internal Auditing

The most frequent pitfalls in internal audit programs and how to avoid them to gain efficiency.

GRC · March 5, 2025 · 9 min

Managing Multiple GRC Frameworks Simultaneously

Strategies to align ISO 27001, Law 25 and PCI-DSS in a unified GRC program without duplicating efforts.

ISO 27001 · March 18, 2025 · 11 min

ISO 27001 Certification in 6 Months: Lessons Learned

How a Quebec SME obtained its ISO 27001 certification in 6 months with CapGRC.

PCI-DSS · April 2, 2025 · 8 min

PCI-DSS v4.0: What You Need to Know

Analysis of the major changes in PCI-DSS version 4.0 and their impact on Canadian organizations.

Regulation · April 15, 2025 · 14 min

Understanding DORA: The European Digital Resilience Regulation

Complete guide to the Digital Operational Resilience Act (DORA): scope, obligations and impact on Canadian financial institutions.

Regulation · April 28, 2025 · 12 min

Understanding PIPEDA: Canada's Federal Privacy Law

Complete guide to the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
