What we do
Audit, Consulting & Business Process Optimisation
We deliver Governance, Risk, and Compliance excellence through three core service pillars designed to protect, transform, and optimise your organisation.
Audit
Independent assurance and certification readiness
- ISO 27001 Audit & Certification — Gap analysis against ISO 27001:2022 requirements, internal audit services and management reviews, pre-certification readiness assessments, external certification support and surveillance, and ISMS documentation review and validation.
- Regulatory Compliance Audits — RBI, IRDAI, and SEBI compliance assessments; DPDP Act and GDPR compliance audits; SOC 2 Type I and Type II readiness; third-party vendor security assessments; and privacy impact assessments (PIAs).
- Information Security Audits — Comprehensive security posture assessments, vulnerability assessments and penetration testing readiness, cloud security configuration reviews, access control and privilege management audits, and data governance and classification audits.
- Certification Readiness — Pre-audit gap remediation, evidence preparation, control implementation tracking, management review facilitation, and ongoing surveillance support to keep your certifications current.
Consulting
Strategic advisory and implementation services
- GRC Strategy & Framework Development — Enterprise risk management program design, governance framework implementation, risk appetite and tolerance definition, board-level risk reporting and dashboards, and regulatory horizon scanning and impact analysis.
- Information Security Consulting — Security strategy and roadmap development, threat modelling and risk assessment, security architecture design and review, incident response planning and testing, and security awareness program design.
- Data Privacy & Protection Advisory — DPDP Act implementation roadmaps, GDPR compliance strategy and gap remediation, privacy by design consulting, cross-border data transfer assessments, and data retention and deletion policy development.
- RSA Archer Platform Advisory — Archer platform strategy and roadmap, use case design and optimisation, integration architecture planning, governance model establishment, and ROI optimisation consulting.
Business Process Optimisation
Operational excellence and automation
- RSA Archer Implementation & Optimisation — Complete platform deployment and configuration, custom use case development (Risk, Compliance, Audit, TPRM), workflow automation and integration, user training and change management, and ongoing managed services and support.
- GRC Process Automation — Risk assessment workflow automation, compliance monitoring and reporting automation, policy management lifecycle optimisation, vendor risk management process streamlining, and risk-driven management workflow implementation.
- Business Continuity & Crisis Management — Business impact analysis (BIA) and process mapping, BCP/DRP development and testing, crisis communication framework design, supply chain resilience planning, and tabletop exercises and simulation training.
- Operational Risk Management — Process risk identification and mapping, key risk indicator (KRI) development, loss event management frameworks, control effectiveness testing automation, and operational resilience program design.
Specialised Programs
Designed for purpose-driven organisations and self-directed teams
- For Purpose-Driven Organisations — Preferred-rate consulting packages, pro-bono risk assessments for select NGOs, social impact measurement frameworks, and mission-aligned security strategies.
- Self-Assessment Tools — A 25-question GRC maturity assessment, ISO 27001 readiness scoring, NIST CSF alignment evaluation, and instant dashboard with recommendations.