I am confused on what governance really means here? Like having policies, adhering to frameworks, etc. The thing is when I look into GRC tools, most of them are like we will get you SOC2 compliant, or ISO compliant all at one place, how are these handling governance part of the process, like risk and compliance comes under this? Is there something specific which covers governance, plus what is all these modern GRC tools? How they are claiming to be modern? Please help as I am confused about these tools, need to choose a tool for small sized company, do they even need it? Like management told our team to handle GRC? Can we somehow manage it internally or need to buy a tool, We are already doing risk analysis on some assets, and compliance activities using simple spreadsheets, like gap analysis, and other registers etc. I don't know what exactly this GRC thing is, are these tools justified