Skip to Main Content
Mobile Menu

IT Governance, Risk and Compliance Home Page

Gears with the words Governance, Risk, and Compliance on them

Who We Are

Information Technology Governance, Risk and Compliance or IT GRC is defined as a set of internal programs or processes that helps bridge the gap between Boise State University’s institutional strategies and IT’s plans for strategic execution. IT GRC’s primary focus is on the management of IT-related and security related programs and processes such as firewall administration, security information management systems, system controls and automation, vulnerability monitoring, identity and data access management along with IT policy, disaster recovery and business continuity planning.

Mission Statement

As a department within the Office of Information Technology, IT GRC’s mission is to leverage industry standard GRC processes to:

  • Establish and maintain a regulatory framework to satisfy IT governance requirements.
  • Identify, evaluate and manage IT risks across the Boise State enterprise.
  • Monitor and report on Boise State IT compliance as it relates to state and federal laws.


  • IT Compliance is defined as programs or processes that ensure Boise State’s IT resources and systems are operated in ways that meet the laws and regulations impacting those systems and comply with institutional policy.
  • IT Governance is defined as programs or processes that ensure that the campus IT strategy and OIT is aligned with the Boise State strategic plan.
  • IT Risk Management is defined as programs or processes that help Boise State identify the risks that it faces with regard to its present or planned IT resources and systems and affirmatively address those risks in a way that satisfies its overall goals.