Overview

Governance, Risk and Compliance (GRC) is where a skilled consultant meets with you, evaluates your current security position, and provides constructive advice to help you be more secure.

Process

Our advisory projects follow a less-rigid process than our technical projects, but broadly they follow the following process:

• Scoping: We start by scoping the engagement, understanding what you’re looking for, any key concerns that you may have and understand how we can help. From this, we produce a Statement of Work detailing the effort required, cost, any prerequisites, and our approach to the engagement.
• Scheduling: We’ll work with you to understand your deadlines, and any constraints you may have for any key milestones or deliverables which are part of the project.
• Mahi: We’ll carry out the project, by:
  • Gathering any documentation we need.
  • Organising relevant workshops/meetings.
  • Performing reviews and analysis.
  • Writing up any reports or documentation.
  • Providing advice on what we have identified. This can be an iterative process depending on the particular project.
• Closeout meeting: A close-out meeting is held to provide any additional context around the results of the project and possible business impact of what we identified, and to provide a chance for any further questions on how to remediate what was found or regarding recommended follow up actions subsequent to the project.