
Summary of our GRC CaaMS Service
The GRC Compliance as a Service takes on these tasks and risk management activities and manages them so that your compliance posture is maintained throughout the year, rather than condensing the work into the weeks just before an audit.
For a monthly fee, our GRC CaaMS gives you dedicated and experienced compliance and security consultants who provide the following services and advice:
• Compliance alignment to frameworks and regulations including, but not limited to:
- GDPR
- UK DPA
- UNECE R155/156/157
- NIST 800-53
- SOC 2
- ISO 27001/27002
- PCI DSS
- Cyber Essentials
- Cyber Essentials Plus
Below is a summary of the services provided.
Onboarding customisation – Set up the applicable controls following a review and scoping assessment, so that everything in scope is covered
Gap Reporting – Produce a gap analysis report that scores your current state against the compliance or regulatory requirements
Planning – Develop a remediation and mitigation plan
Project Management – Manage the project to fit your company's project methodology, e.g. PRINCE2, Agile or a hybrid of the two
Governance, Risk and Compliance (GRC) – All in-scope controls are mapped in a GRC system to track control implementation and risk management
Data Protection – Data Protection Impact Assessment (DPIA) risk analysis
Data Protection Officer – Delivery of the DPO service and its obligations under the UK DPA and EU GDPR
Continuous Monitoring – Your risks and controls are continuously monitored for compliance status, with dashboards and reports giving a real-time view of your company's compliance position
Continuous Testing – Compliance controls are tracked on an ongoing basis, and the tasks needed to maintain compliance are assigned to delegated owners and followed up
Evidence Management – Ensuring that the evidence required for audits or regulatory readiness is always up to date, by managing the stakeholders responsible for delivering it
Risk Management – Compliance and security risks are tracked and managed, with escalations and mitigation actions pursued with their owners so that risks stay within your company's risk appetite
Supplier Management – Management of supplier security assessments, with ongoing monitoring of supplier risk and security posture
Audit Readiness Reporting – Audit readiness reports for pre-audit preparation
Audit Management – Manage the audit requirements and engage fully with the auditor to deliver what they require
Project Security Assurance – Review new and existing projects to ensure they are secure and meet corporate standards and compliance requirements
