Support and services

Your support in good times and bad

Do you need temporary or ongoing support? Trust GRCguard for in-depth knowledge.

1. Certification support

Are you starting a certification process for the first time? Or do you have too little time to update existing certifications? Our specialists will be happy to help you set up, optimise and maintain your management system.

What we do

The GRCguard specialists manage your certification process. The whole process, from A to Z, is run through a planning application.

Key stakeholders get access to this application and together we ensure that the certification process runs smoothly.

Do you get stuck at crucial times due to a lack of knowledge or time? Report it to your GRCguard certification supervisor. We will help out where necessary or take control if you temporarily don’t have the capacity yourself.

What's in it for you?

  • Your products and/or services meet the relevant certifiable standard
  • Structure and stability for your employees
  • More certainty and confidence for your clients
  • Increased business efficiency and customer satisfaction

Want to know more?

Contact us for a no-obligation consultation.

In a personal meeting we will discuss:

  • Which standard is best for you
  • What ISO certification will mean for you and what you need to know
  • How the certification process will proceed
  • What we need from you to prepare a quotation
  • An overall cost estimate
  • And you can, of course, ask any questions you may have

2. Internal ISO/NEN audit

ICT is evolving rapidly and information security threats are increasing daily. Organisations are struggling to keep up. As such, it’s important to reflect on relevant developments annually. For certified organisations, this is even mandatory.

What we do

Auditing an organisation for information security is specialised work. GRCguard conducts the audit at the strategic, tactical and operational levels. This involves ICT staff and specialists, management and the executive board.

We conduct the audit thoroughly, but in the spirit of the standard. We do this with personal attention from an enthusiastic, committed and inspired team: a team with a no-nonsense mentality that enjoys working together and acts on the basis of innovative thinking and scope for action.

We audit against the standards ISO 27001, NEN 7510, ISO 9001, BIO, PCI-DSS, ISO 27017, ISO 27018 and ISO 27701 (privacy).

What's in it for you?

  • An audit report
  • Grip on the organisation
  • Quality assurance
  • Compliance with ISO or NEN standard controls
  • PDCA assurance

Want to know more?

Then contact us for a no-obligation intake interview about an internal ISO/NEN audit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

3. As a service

GRCguard offers a number of subscription options that can be fully customised to your needs. For example, our specialists can support your organisation one day a month or one day a week. Deployment can also be concentrated in peak periods, such as audits or annual tasks, so that it is tailored to when you actually need it.

The most important benefits for you are:

  • Deployment when you need it and by the right specialist;
  • Fixed costs per month.

You can administratively divide the total days to be used over the contract duration, so that you are billed a fixed amount per month. We therefore offer financial clarity and predictability.

GRCguard offers the following subscription types:

Information Security Officer
Does your organisation need to get its information security in order, but lack the expertise, experience or available manpower to carry this out effectively and efficiently?

With the Information Security Officer as a Service subscription you can outsource all your security-related tasks to our Information Security Officers. This allows us to supplement your resources, or fully cover a temporary or structural shortage, so that information security management becomes our concern.

Data Protection Officer
The Data Protection Officer (DPO) monitors the application of, and compliance with, the General Data Protection Regulation within an organisation.

The statutory duties and powers of the DPO give the DPO an independent position in the organisation. The fact that the Dutch Data Protection Authority is gaining more and more powers and can issue higher fines is a powerful impetus for companies to become ‘privacy compliant’ and appoint a Data Protection Officer.

The tasks of the DPO include, for example, monitoring compliance with the GDPR and data protection policy and informing about new developments.

More specifically, the DPO provides advice with regard to Data Protection Impact Assessments (DPIAs) and ensures that awareness remains up to date. If necessary, the DPO works together with the Dutch Data Protection Authority.

With the FG as a Service subscription (FG is the Dutch term for DPO) you can outsource the DPO tasks to our DPOs. Privacy supervision therefore becomes our concern.

Want to know more?

For a no-obligation consultation or further explanation, please contact us. We are happy to help you.

4. Cybersecurity

Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility and privacy protection. In addition, cyber maturity improves your reputation and market position.

What we do

We help your organisation understand its current cyber maturity level. We will advise you on technical and organisational measures. If your organisation adopts this advice and implements improvement actions, we reduce the risk of a cyber attack. We take responsibility on all fronts.

What's in it for you?

With the Cybersecurity Scan, we assess your organisation against the four ISO 27001:2022 control themes: People, Technological, Physical and Organisational. You will receive a report with the status of your organisation on these controls, and recommendations to reduce risks.

Want to know more?

Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

5. Cybersecurity advice

Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility, information security and privacy protection. In addition, cyber maturity improves your reputation and market position.

What we do

GRCguard helps raise the level of cyber maturity.

We provide advice on technical and organisational cyber measures. Examples include:

  • Choice of SIEM/SOC solution
  • Ransomware plan
  • Crisis response organisation
  • Patch and vulnerability management
  • Awareness
  • Point security solutions
  • IAM
  • MFA
  • Pen testing

What's in it for you?

If your organisation adopts our advice and implements improvement actions, we reduce the risk of a cyber attack. In doing so, we take responsibility on all fronts.

Want to know more?

Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

6. iAWARE

This is an online programme we use to increase employees’ cyber awareness, reducing the likelihood of ransomware attacks or data breaches. Key components of the programme include:

  • Online training via personal dashboard
  • Management dashboard for insight into progress
  • Phishing simulation

What we do

We provide a full-service solution for your organisation with awareness preparation, execution and reporting. The key features of iAWARE are:

Brief and to the point
A high level of employee engagement is key. We have an extremely user-friendly design, easy-to-understand videos, interactive tests, and friendly notifications so that employees stay actively interested, while managers can focus on other things.

Reports, because the manager will ask for them
Key statistics are presented in an easy-to-understand manner. Get quick insight into how employees and departments are completing the training.

We make sure your employees take action so you don’t have to
We make your job easier by sending automated messages. Not only do we send convenient training reminders to your employees, but we also send your managers automated reports so they can see their employees’ progress.

What's in it for you?

Start today and we will train your employees to be alert to cyber threats! We increase cyber knowledge with short and easy-to-follow training videos. The training videos are in line with international information security standards.

Want to know more?

Contact us for a no-obligation intake interview on iAWARE. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

7. ISO 27001, 22301 and NEN 7510 Documentation Toolkit

The standards stipulate that certain management system information must be “available as documented information” and that the organisation must maintain documented information. The standard also states that you must keep documented information up to date. What does this mean?

This concerns the documents that explain and support the functioning of the information security management system. By recording this information, you then demonstrate that it has been kept up to date: that is your burden of proof. Besides the fact that the standard requires this, it also makes it a lot easier for you to make activities demonstrable, for example towards a certifying body.

We have created the toolkit to help companies save the time and cost of document preparation. Our easy-to-use toolkit will help you prepare thoroughly for any certification.

What we do

Turning policy into readable documentation is quite a challenge. How do you get started, how do you know whether it is enough, is everything equally important, and is it workable for your colleagues? These are just a few of the questions that come into play in the documentation process.

We have developed highly useful templates for this. These templates were developed by experienced ISO and NEN specialists.

What's in it for you?

There are 60 document templates for NEN 7510, ISO 27001 and ISO 22301. The documents are already 80% pre-filled. The remaining 20% is company-specific. Purchasing this toolkit will save you a lot of time, bring structure and get you in line with the relevant standard significantly faster.

Want to know more?

Contact us for a no-obligation intake interview on our documentation toolkit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

8. Online compliance baseline measurement

For organisations with multiple national and international offices, subsidiaries, partners, dealerships, profit centres or some other form of chain responsibility, it is often difficult to gain insight into whether all affiliated parties comply with centrally set standards and guidelines.

Our online compliance baseline makes this transparent in a Power App built on the Microsoft Power Platform, combined with Azure services such as SQL Server, Azure AD and Azure Blob Storage.

If you answer the questions below with a yes, our solution could be an interesting tool for you.

  1. Does your organisation need to demonstrate compliance with laws and regulations, national and international standards frameworks, individual standards, licensing schemes or proprietary control frameworks?
  2. Does your organisation lack visibility into local maturity levels and compliance with respect to agreements made?
  3. Does your organisation have national and international offices, partners, dealerships, profit centres or some other form of chain responsibility?

What we do

GRCguard builds customised baseline measurements for all industries and is happy to help you take control. GRCguard can also assist your organisation in actual implementation, communication and reporting during a baseline measurement.

What's in it for you?

By performing this baseline measurement, you will work towards standardisation and identify risks, giving the organisation demonstrable control of its operations. All evidence from all chain partners is stored centrally, yet separately.

We would be happy to meet with you to come up with a solution that fits your challenge.

We do this in a pragmatic, constructive and transparent manner. Contact us at:

E: info@grcguard.com
T: +31 85 130 76 02.

9. Privacy advice

The General Data Protection Regulation (GDPR) has caused a stir in the Netherlands and abroad. This European privacy regulation requires companies and organisations to process personal data with due care. You must, for example, have a legitimate reason for processing third-party personal data. Also, collecting more personal data than necessary is not permitted.

The GDPR has been in effect since 25 May 2018. Around the time the legislation was introduced, almost all businesses worth their salt studied the obligations it entailed. Currently, however, it is becoming less and less of a priority in many companies. The main reasons: the rules are not always clear, and setting up and maintaining a GDPR-proof system is time-consuming. Moreover, there is little enforcement, especially within SMEs.

Nevertheless, GDPR enforcement is slowly getting stricter. The risk of a fine is especially high given the risk of a cyber attack by malicious parties, because you are required to report any resulting data breaches. Malpractices uncovered as a result can be heavily fined, unless you can prove that you have complied with privacy guidelines.

What we offer

During the privacy consulting process, we map out the extent to which your organisation meets all the requirements. GRCguard benchmarks your organisation against the Privacy Guidelines of the Center for Information Security and Privacy Protection (CIP). Set up by the Tax and Customs Administration, DUO Education Executive Agency, SVB Social Insurance Bank and UWV Employee Insurance Agency, the CIP stems from the Compact Civil Service programme (2011-2012).

GRCguard provides insight into the current privacy maturity level through a report and provides clearly defined improvement actions. These improvement actions are classified according to the following criteria:

  • Risk
  • Lead time
  • Complexity

What's in it for you?

With the report, if everything is in order, you can demonstrate that you correctly handle the personal data of, for example, customers or employees. It makes clear to employees which procedures are essential to remain GDPR compliant. If desired, we can include privacy management in weCOMPLY. You decide whether to outsource it or do it yourself.

Would you like to make an inquiry?

Contact us for a no-obligation intake interview on privacy protection. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

10. Security check when forming contracts

When forming contracts, a security check is a crucial step to ensure that all parties involved are protected against possible (cyber) threats.

This process involves assessing the IT systems, processes and data involved in the contract to identify vulnerabilities and risks.

It is important to have a clear picture of which security measures are already in place and which ones still need to be implemented.

What we offer

An effective security check in contract formation consists of:

  1. Risk analysis: identifying potential risks to information security and privacy protection within the context of the contract (including a DPIA)
  2. Security policy: assessing the existing security policies and procedures of the parties involved to ensure they are part of the contract
  3. Cyber assessment: carrying out a cyber security check to identify gaps that could unexpectedly lead to contractual disputes
  4. Compliance check: verifying that the parties involved comply with relevant laws and regulations, such as the GDPR
  5. Incident response plan: ensuring that a plan is in place in case a security incident occurs during the contract term

What's in it for you?

Performing a thorough independent security check is not only important for immediate security, but also helps build trust between the contracting parties and strengthen the overall cyber resilience of the organisations involved. It is an investment that pays off in the long run in both security and business continuity.

We would be happy to discuss this with you to come up with a solution that suits your challenge.

We do this in a pragmatic, constructive and transparent manner.

Want to start using our support and services today?
