Contact us...

+44 (0) 208 133 0242

Three Lines of Defence Model

What is the Three Lines of Defence model?

The Three Lines of Defence model helps business leaders to manage risk effectively.

It facilitates a cohesive and coordinated approach, by establishing three independent levels of risk management, segregating key duties and reducing the potential for conflicts of interest.

Among other regulators and organisations, the Three Lines of Defence model is endorsed by:

Why do we need the Three Lines of Defence model?

The Three Lines of Defence model was developed in response to the 2007/2008 global financial crisis.

The crisis highlighted that some teams within larger organisations were apparently taking risks that were well beyond the organisation's risk appetite.

The risks were neither adequately identified nor monitored by Senior Management and the Board.

The Three Lines of Defence model is still dependent on the Board and Executive leadership defining appropriate risk appetites and governing risks accordingly. The Board is still accountable for their Governance, Risk management and Compliance (GRC).

What are the Three Lines of Defence?

As shown in the diagram below, the Three Lines of Defence form part of the overall organisational design.

Three Lines of Defence Model

In summary:

Three Lines of Defence for Data Protection

From a Data Protection perspective, for larger organisations, we typically see:

Also see our article on the relationship between Data Protection, Privacy and Security.

Need to know more about the 3 lines of defence?

At DataGRC, our specialists have used the Three Lines of Defence in a wide range of industries and organisations.

Contact us now if you would like further advice, training, project support or assurance reviews.