Governance, risk, and compliance (GRC) is the framework an organization uses to align its information technology with its business goals and objectives. First research on GRC was published in 2007 where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.

GRC is a multidisciplinary set of ServiceNow applications that are designed to empower enterprise organizations to identify and manage risk in order to make informed decisions for process and compliance improvements. Governance, risk management and compliance (GRC) is the term covering an organization's approach across these three practices: governance, risk management and compliance.