Code of Conduct

"Fast learning organizations are capable of fast change and creative evolution."

Guidelines for The GRC Sphere Members, Management & Staff

The GRC Sphere is an industry consortium for Governance, Risk and Compliance professionals that fosters an “industry benchmarking” & “best practices” mentality. Industry benchmarking is the process of identifying, refining and learning from global “good” practices. Our GRC Sphere industry consortium leverages a powerful “networked community” model that combines industry benchmarking topics and services that promote Governance Rick Compliance (GRC) good practices in the quest for continuous improvement, GRC “convergence” (enterprise integration) and breakthroughs in work excellence.

The GRC Sphere members, management and staff adhere to this code of conduct to:

  • Guide industry benchmarking education and GRC practice “way’s-of-working”
  • Advance the professionalism and effectiveness of GRC benchmarking
  • Help contribute to efficient, effective, and ethical community growth and interaction
Consortium Benchmarking

The GRC Sphere provides a collaborative environment and web services that assist members, management and staff in changing how we perceive the role of GRC practices in business enterprises. Our objective is to create a more holistic integrated vision where GRC practice disciples are synthesized with the everyday business model; namely “GRC convergence”. We provide a variety of collaborative web services and benchmarking activities that span industries, enterprise functions and processes and topics. We lead the consortium, facilitate meetings, oversee member services, conduct events, and promote the need for industry studies.


1.0 Legality

1.1 If there is any potential question on the legality of an activity, then consult with your corporate counsel.

1.2 Avoid discussions or actions that could lead to or imply an interest in restraint of trade, market and / or customer allocation schemes, price fixing, dealing arrangements, bid rigging, or bribery. Don’t discuss costs with competitors if costs are an element of pricing.

1.3 Refrain from the acquisition of trade secrets from another by any means that could be interpreted as improper, including the breach or inducement of a breach of any duty to maintain secrecy. Do not disclose or use any trade secret that may have been obtained through improper means or that was disclosed by another in violation of duty to maintain its secrecy or limit its use.

1.4 Do not, as a consultant or client, extend benchmarking study findings to another company without first ensuring that the data is appropriately blinded and anonymous so that the participants’ identities are protected.

2.0 Exchange

2.1 Be willing to provide to your benchmarking partner with the same type and level of information that you request from them.

2.2 Fully communicate early in the relationship to clarify expectations, avoid misunderstandings, and establish mutual interest in the benchmarking exchange.

2.3 Be honest and complete with the information submitted.

2.4 Provide information in a timely manner as outlined by the stated benchmarking schedule.

3.0 Confidentiality

3.1 Treat benchmarking interchange as confidential to the individuals and companies involved. Information must not be communicated outside the partnering organizations without the prior consent of the benchmarking partner who shared the information.

3.2 A company’s participation is confidential and should not be communicated externally without their prior permission.

4.0 Use

4.1 Use information obtained through benchmarking only for purposes stated to the benchmarking partner.

4.2 The use or communication of a benchmarking partner’s name with the data obtained or practices observed requires the prior permission of the benchmarking partner.

4.3 Contact lists or other contact information provided in any form may not be used for purposes other than benchmarking and networking.

5.0 Contact

5.1 Respect the corporate culture of partner companies, and work within mutually agreed procedures.

5.2 Use benchmarking contacts designated by the partner company if that is its preferred procedure.

5.3 Obtain mutual agreement with the designated benchmarking contact on any hand-off of communication or responsibility to other parties.

5.4 Obtain an individual’s permission before providing his or her name in response to a contact request.

5.5 Avoid communicating a contact’s name in an open forum without the permission of the individual.

6.0 Preparation

6.1 Demonstrate commitment to the efficiency and effectiveness of benchmarking by being prepared prior to making an initial benchmarking contact.

6.2 Make the most of your benchmarking partner’s time by being fully prepared for each exchange.

6.3 Help your benchmarking partners prepare by providing them with a questionnaire and agenda prior to benchmarking visits.

7.0 Completion

7.1 Follow through with each commitment made to your benchmarking partner in a timely manner.

7.2 Complete a benchmarking effort to the satisfaction of all benchmarking partners as mutually agreed.

8.0 Understanding and Action

8.1 Understand how your benchmarking partner would like to be treated.

8.2 Treat your benchmarking partner in the way that your benchmarking partner would want to be treated.

8.3 Understand how your benchmarking partner would like to have the information he or she provides handled and used. Handle and use it in that manner.


The following guidelines apply to both partners in a benchmarking encounter with competitors or potential competitors:

  • In benchmarking with competitors, establish specific ground rules up-front. For example, “We don’t want to talk about things that will give either of us a competitive advantage, but rather we want to see where we both can mutually improve or gain benefit.”
  • Benchmarkers should check with legal counsel if any information gathering procedure is in doubt (e.g., before contacting a direct competitor). If uncomfortable, do not proceed. Alternatively, negotiate and sign a specific non-disclosure agreement that will satisfy the attorneys representing each partner.
  • Do not ask competitors for sensitive data or cause the benchmarking partner to feel they must provide data to continue the process.
  • Use an ethical third party to assemble and “blind” competitive data, with inputs from legal counsel in direct competitor sharing. (Note: When cost is closely linked to price, sharing cost data can be considered to be the same as sharing price data.)
  • Any information obtained from a benchmarking partner should be treated as internal, privileged communications. If “confidential” or proprietary material is to be exchanged, then a specific agreement should be executed to specify the content of the material that needs to be protected, the duration of the period of protection, the conditions for permitting access to the material, and the specific handling requirements necessary for that material.
Benchmarking Protocol
  • Know and abide by this document; our Benchmarking Code of Conduct.
  • Have basic knowledge of benchmarking and follow a benchmarking process.
  • Prior to initiating contact with potential benchmarking partners, determine what to benchmark, identify key performance variables to study, recognize superior-performing companies, and complete a rigorous self-assessment.
  • Have a questionnaire and interview guide developed, and share these in advance if requested.
  • Possess the authority to share and be willing to share information with benchmarking partners.
  • Work through a specified host and mutually agreed upon scheduling and meeting arrangements.

The GRC Sphere wishes to thank The Benchmarking Network ( and APQC ( and for their guidance in helping us to formulate our own GRC Sphere Code of Conduct.

Who do I contact if I have questions about the Code of Conduct?

GRC Sphere Member Support: Phil Wilson, Architect; Member Programs & Services

Contact Information:
Phone Number: North America and Outside North America 1.978.456.8253