Audit

Independent assurance and certification readiness

  • ISO 27001 Audit & Certification — Gap analysis against ISO 27001:2022 requirements, internal audit services and management reviews, pre-certification readiness assessments, external certification support and surveillance, and ISMS documentation review and validation.
  • Regulatory Compliance Audits — RBI, IRDAI, and SEBI compliance assessments; DPDP Act and GDPR compliance audits; SOC 2 Type I and Type II readiness; third-party vendor security assessments; and privacy impact assessments (PIAs).
  • Information Security Audits — Comprehensive security posture assessments, vulnerability assessments and penetration testing readiness, cloud security configuration reviews, access control and privilege management audits, and data governance and classification audits.
  • Certification Readiness — Pre-audit gap remediation, evidence preparation, control implementation tracking, management review facilitation, and ongoing surveillance support to keep your certifications current.

Consulting

Strategic advisory and implementation services

  • GRC Strategy & Framework Development — Enterprise risk management program design, governance framework implementation, risk appetite and tolerance definition, board-level risk reporting and dashboards, and regulatory horizon scanning and impact analysis.
  • Information Security Consulting — Security strategy and roadmap development, threat modelling and risk assessment, security architecture design and review, incident response planning and testing, and security awareness program design.
  • Data Privacy & Protection Advisory — DPDP Act implementation roadmaps, GDPR compliance strategy and gap remediation, privacy by design consulting, cross-border data transfer assessments, and data retention and deletion policy development.
  • RSA Archer Platform Advisory — Archer platform strategy and roadmap, use case design and optimisation, integration architecture planning, governance model establishment, and ROI optimisation consulting.

Business Process Optimisation

Operational excellence and automation

  • RSA Archer Implementation & Optimisation — Complete platform deployment and configuration, custom use case development (Risk, Compliance, Audit, TPRM), workflow automation and integration, user training and change management, and ongoing managed services and support.
  • GRC Process Automation — Risk assessment workflow automation, compliance monitoring and reporting automation, policy management lifecycle optimisation, vendor risk management process streamlining, and risk-driven management workflow implementation.
  • Business Continuity & Crisis Management — Business impact analysis (BIA) and process mapping, BCP/DRP development and testing, crisis communication framework design, supply chain resilience planning, and tabletop exercises and simulation training.
  • Operational Risk Management — Process risk identification and mapping, key risk indicator (KRI) development, loss event management frameworks, control effectiveness testing automation, and operational resilience program design.

Specialised Programs

Designed for purpose-driven organisations and self-directed teams

  • For Purpose-Driven Organisations — Preferred-rate consulting packages, pro-bono risk assessments for select NGOs, social impact measurement frameworks, and mission-aligned security strategies.
  • Self-Assessment Tools — A 25-question GRC maturity assessment, ISO 27001 readiness scoring, NIST CSF alignment evaluation, and instant dashboard with recommendations.

Ready to elevate your risk and compliance posture?

Contact us for a confidential consultation, or begin with our complimentary GRC self-assessment.