1. Introduction

/* To be added */

...

We would like to draw your attention to the launch of the Governance, Risk, and Compliance (GRC) Special Interest Group on Blockchain. The Hyperledger GRC SIG is designed to focus on optimizing GRC on the blockchain. We would be happy to work with enthusiastic developers and professionals of all kinds to take this SIG forward and make it into an industry standard.

In simple terms, the GRC SIG uses decentralized, permissioned Hyperledger blockchains to build applications that streamline the way global organizations run their businesses. Blockchain has huge potential for data accessibility, combined with the integrity that cryptographic hashing provides, in a transparent manner. The SIG will draw on relevant technologies such as:

  1. Hyperledger Fabric
  2. Token
  3. DAO
  4. New Consensus Mechanism

The GRC SIG will focus on Governance, Risk, and Compliance use cases on the blockchain. The topics the GRC SIG will focus on include:

  1. Third-Party Risk Management
  2. Environmental Social Governance (ESG)
  3. Cyber Risk Management
  4. Compliance Management
  5. Internal and IT audit
  6. Regulatory Change Management
  7. Enterprise & Operational Risk Management
  8. Data Protection and Privacy

GRC on the blockchain is still at a nascent stage, waiting for the right time to take off as the internet once did. Some of the use cases of GRC on the blockchain are expanded below.

Audit Processes:

Audits can be categorized into various forms, such as security audits, financial audits, compliance audits, and regulatory audits. In traditional audit processes, artifacts like account reconciliations, trial balances, and supporting evidence are provided to the auditor by the business or auditees in a variety of electronic and manual formats, which requires significant time to be invested while planning an audit. This evidence provides assurance that a long, tedious audit process has been performed in accordance with the auditing standards. In a blockchain network, by contrast, auditors can have real-time access to the data through read-only nodes on the network. A traditional monthly process can be reduced and simplified to a day's process by implementing audit processes on the blockchain. This also ensures that the audit trail of evidence is managed among the participants in a transparent manner.

Third-Party Risk Management:

When an organization onboards a third party, it needs to be extra cautious and aware of any bad history the third party may have; this protects the organization from reputational risk. A survey questionnaire can be sent to the third party and the responses recorded on the blockchain, where they cannot be tampered with by any other party. This gives more visibility into the risk score of the third-party organization, which the onboarding organization can evaluate before deciding whether to onboard them or not.
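The audit-trail and third-party questionnaire use cases above both rest on the same property: once a response is recorded, any later edit must be detectable by the auditor or the onboarding organization. The following is an added illustration of that property, not code from the GRC SIG or from Hyperledger: a minimal hash-chained, append-only record of questionnaire responses with a verification routine that reports the first record whose content or linkage no longer matches. The vendor name, questions, answers and timestamps are constructed sample data.

```python
"""Hash-chained, append-only record of third-party questionnaire responses.

Added illustration (not GRC SIG or Hyperledger code). Each record commits
to its position, the previous record's hash and its own content, so an
auditor holding only the chain's hashes can detect any retroactive change.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

GENESIS_HASH = "0" * 64


def canonical(payload: dict) -> str:
    # Deterministic serialisation so the same response always hashes the same.
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def record_hash(index: int, prev_hash: str, payload: dict) -> str:
    # The hash binds position, predecessor and content together.
    material = f"{index}|{prev_hash}|{canonical(payload)}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()


@dataclass
class Record:
    index: int
    prev_hash: str
    payload: dict
    hash: str


@dataclass
class ResponseLedger:
    records: List[Record] = field(default_factory=list)

    def append(self, payload: dict) -> Record:
        # Link the new record to the current head of the chain.
        prev = self.records[-1].hash if self.records else GENESIS_HASH
        idx = len(self.records)
        rec = Record(idx, prev, payload, record_hash(idx, prev, payload))
        self.records.append(rec)
        return rec

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Recompute the chain from genesis.

        Returns (True, None) if every record is intact and correctly linked,
        otherwise (False, index of the first record that fails the check).
        Edited content, a broken link or a removed record all surface here.
        """
        prev = GENESIS_HASH
        for rec in self.records:
            expected = record_hash(rec.index, prev, rec.payload)
            if rec.prev_hash != prev or rec.hash != expected:
                return False, rec.index
            prev = rec.hash
        return True, None


def build_sample_ledger() -> ResponseLedger:
    # Constructed responses for a hypothetical vendor (sample data only).
    ledger = ResponseLedger()
    ledger.append({
        "vendor": "ExampleVendor Ltd",
        "question": "Do you hold an ISO 27001 certification?",
        "answer": "yes",
        "submitted": "2024-01-15T10:00:00Z",
    })
    ledger.append({
        "vendor": "ExampleVendor Ltd",
        "question": "Any reported data breaches in the last three years?",
        "answer": "no",
        "submitted": "2024-01-15T10:02:00Z",
    })
    return ledger


def tamper_and_verify() -> Tuple[bool, Optional[int]]:
    """Edit an answer after recording and show the verifier flags it."""
    ledger = build_sample_ledger()
    ledger.records[1].payload["answer"] = "yes"  # retroactive change to record 1
    return ledger.verify()


if __name__ == "__main__":
    print("untouched ledger:", build_sample_ledger().verify())  # (True, None)
    print("edited ledger:   ", tamper_and_verify())             # (False, 1)
```

The check only has teeth if the verifier holds the hashes independently of the party being checked: on a single server an attacker who can edit a record can recompute every later hash as well. That is what distributing the ledger across the participants' nodes (and giving auditors their own read-only node, as described above) provides, and it is why the use cases emphasise transparency among participants rather than a database one party controls.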

Regulatory Change Management:

Organizations have to comply with an ever-changing regulatory environment. Regulatory changes are mandated by the regulatory authorities, and the process of complying with regulatory standards often becomes time-consuming when done in the traditional way. However, the information about the processes that need to comply can be deployed on the blockchain, making the audit process simpler. Regulatory standards can also be deployed on the blockchain so that the data is always accessible and untampered. Some of the regulatory standards are:

  1. For Healthcare and Insurance – HIPAA – Health Insurance Portability and Accountability Act of 1996
  2. For IT sector – ISO – International Organization for Standardization
  3. For IT sector and Cross-sector – NIST – National Institute of Standards and Technology
  4. For Privacy – GDPR – General Data Protection Regulation (EU based standards)
  5. For BFSI – AML – Anti-Money Laundering; KYC – Know Your Customer
  6. For BFSI and Cross-Sector – PCI-DSS – Payment Card Industry Data Security Standard
  7. For Enterprise Fraud Control – SOX – Sarbanes-Oxley Act

Other Important Aspects:

Transparency in compliance builds trust in the company, and anyone associated with the company can verify that it is doing the right things for the business.

Auditing the adoption of new technology by enterprises has been a key challenge for auditors; it is essential to know whether the PoCs and standards are the right ones to meet the organization's digital transformation goals.

ESG ensures that the whole supply chain, from financial funding to carbon footprint to social causes like philanthropy and gender equality, is governed in the right way, so that the enterprise can be transparent about its practices, showcase the right certificates, and partner with third parties that adhere to ESG norms, building trust within and outside the organization.

The GRC Special Interest Group will help streamline how organizations operate efficiently without having to worry about complying with every regulation and government entity. This SIG will help curate and formulate the documents on how this can be taken further to make it into an industry standard. Creating a small community around this interest will create a value system for each individual who is keen to make an impact on GRC on the blockchain. We will all take a step towards achieving the aims above, so please help guide our passage and inform us of your needs along the way, so that the output is something you will want to use!

1.1. Mission

The Governance Risk and Compliance Special Interest Group (GRCSIG) represents industry professionals working together to study how Hyperledger DLTs interact with Governance Risk & Compliance use cases. These range from issuance and trading of instruments to continued market-making, management of risk, program-trading, standards, regulations, capital requirements, traceability, post-trade settlement, and custody including corporate actions, as they relate to Governance Risk & Compliance. The mission of this group is to research blockchain as a technology and its right use in the GRC space, work with other contributors to define standards in the GRC space, and work on PoCs to generate value and develop acceptance of DLT among GRC practitioners. If you are interested and open to contributing, you can register yourself via this link; you will need a Linux Foundation ID to access the SIG. You can add your details to the Member Directory after registration. Please also subscribe to the Group Mailing List and post an introduction there so other group members can get to know you.

This group also explores architecture, identity, and performance-related considerations specific to Governance Risk & Compliance and DLTs. Business and technology professionals from the Governance Risk & Compliance world come together in this SIG to discuss, brainstorm, and learn from each other.

...

Under the different topic groups, led by subject matter experts, we will work on documents, diagrams, presentations, implementations, or roadmaps of solutions. For existing projects, as well as outputs, please see the link.

As we collaborate, all output will be made available in the open. For ease of discovery by newcomers and others, this material will be annotated and labeled with keywords for easy searching. If any code is produced, the output will be easily downloadable as open source. Documentation and deployment will be made as frictionless as possible. SIG members who are in touch with practitioner groups, as well as working groups, the technical steering committee, and other SIGs, will either bring knowledge of methods and practice from such groups or push our findings out to these groups to create synergy in the Hyperledger ecosystem.

...

  • Identifying related proofs of concepts, current pilots, use cases, and functional architecture in Governance Risk & Compliance;

  • Sharing stories of successes, failures, opportunities, and challenges;

  • Identifying conferences or other opportunities to connect face to face, as well as submit talks or present as a group at an event.

...

Hyperledger SIGs are open and global communities where anyone from anywhere can and should be able to participate, contribute, and access tools and information. For example, this means that even for meetings held via teleconference, we have to involve those who are online but not on the calls. Best practice in an open and global community is to keep in mind the time zone differences of the group participants and to include non-meeting participants in group discussions and decisions through active use of the mailing list, the wiki, and Rocket Chat. All SIGs must adhere to the Hyperledger Code of Conduct and Anti-Trust Policy (see below) during meetings:

...

GRCSIG membership shall be free and open to members of the community who have an interest in issues relating to the SIG's topic technologies in general and to blockchain technologies in particular. SIG membership is established by subscription to the mailing list.

All participation in the group's activities is voluntary. It is perfectly fine to listen in to a group and do nothing. Of course, active contribution is our goal, but it is not a requirement for membership.

Anyone can propose agenda items, activities, and work products. For work products, the only requirement is that there is enough buy-in from community members who want to volunteer to complete the product.


7.2 Governance

Governance of the GRCSIG shall be managed through its membership in accordance with the guidelines and overriding jurisdiction of Hyperledger leadership.

...

  • Facilitating the group and helping ensure that the mission statement and goals are observed and met

  • Scheduling and facilitating regular General Meetings open to all GRCSIG membership

  • Developing and distributing meeting agendas at least one business day before the scheduled meeting

  • Ensuring that all group members have the opportunity to participate in decisions and provide input even when not attending a meeting. SIG communities are global and a chair should make efforts to ensure all are included in the community’s activities. This can be done by ensuring meeting notes are shared after calls and any major decisions are shared on the mailing list.

  • Ensuring that recordings/minutes are taken during meetings that capture the discussion and include a list of meeting participants, are shared after the meeting, and are added to the SIG wiki page

  • Managing the SIG wiki page

  • Generating Special Interest Group Quarterly Updates to present to the Hyperledger POC in a timely manner and communicating regularly on any concerns or questions related to the SIG

  • Serving as a proxy and ambassador for GRCSIG membership (as appropriate)

  • Enforcing adherence to the Hyperledger Code of Conduct and communicating the Anti-Trust Policy

...

All GRCSIG membership meetings are placed on the Hyperledger Community Calendar. To ensure that a cancelled meeting is removed from the calendar, the person leading the meeting shall send a meeting cancellation request to zoom@hyperledger.org.

Additionally, a meeting cancellation notification shall be made to GRCSIG membership through both the mailing list and chat channels.

...