GRC risks, risk criteria, and risk approach rules

A risk is a defined consequence that can occur if a policy is ignored. Risk criteria values are stored in the Risk Criteria [grc_risk_criteria] table. Approach rules are a short description of the approach philosophy that will be used to mitigate the risk. Demo data in GRC provides a default range of criteria levels from least to most for both types.