Are you starting a certification process for the first time? Or do you have too little time to update existing certifications? Our specialists will be happy to help you set up, optimise and maintain your management system.
The GRCguard specialists manage your certification process. This process is facilitated from A to Z by means of a planning application.
Key stakeholders get access to this application and together we ensure that the certification process runs smoothly.
Do you get stuck at crucial times due to a lack of knowledge or time? Report it to your GRCguard certification supervisor. We will help out where necessary or take control if you temporarily don’t have the capacity yourself.
Contact us for a no-obligation consultation.
In a personal meeting we will discuss:
ICT is evolving rapidly and information security threats are increasing daily. Organisations are struggling to keep up. As such, it’s important to reflect on relevant developments annually. For certified organisations, this is even mandatory.
Auditing an organisation for information security is specialised work. GRCguard conducts the audit at the strategic, tactical and operational levels. This involves ICT staff and specialists, management and the executive board.
We conduct the audit thoroughly, but in the spirit of the standard. We do this with personal attention from an enthusiastic, committed and inspired team. A team with a no-nonsense mentality, that enjoys working together and acts on the basis of innovative thinking and scope for action.
We audit against the following standards: ISO 27001, NEN 7510, ISO 9001, BIO, PCI-DSS, ISO 27017, ISO 27018 and ISO 27701 (privacy).
Then contact us for a no-obligation intake interview about an internal ISO/NEN audit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility and privacy protection. In addition, cyber maturity improves your reputation and market position.
We help your organisation understand its current cyber maturity level. We will advise you on technical and organisational measures. If your organisation adopts this advice and implements improvement actions, we reduce the risk of a cyber attack. We take responsibility on all fronts.
With the Cybersecurity Scan, we assess your organisation against the ISO 27001:2022 controls in the categories People, Technological, Physical and Organisational. You will receive a report with the status of your organisation on these controls, and recommendations to reduce risks.
Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility, information security and privacy protection. In addition, cyber maturity improves your reputation and market position.
GRCguard helps raise the level of cyber maturity.
We provide advice on technical and organisational cyber measures. Examples include:
If your organisation adopts our advice and implements improvement actions, we reduce the risk of a cyber attack. In doing so, we take responsibility on all fronts.
This is an online programme we use to increase employees’ cyber awareness, reducing the likelihood of ransomware attacks or data breaches. Key components of the programme include:
We provide a full-service solution for your organisation with awareness preparation, execution and reporting. The key features of iAWARE are:
Brief and to the point
A high level of employee engagement is key. We have an extremely user-friendly design, easy-to-understand videos, interactive tests, and friendly notifications so that employees stay actively interested, while managers can focus on other things.
Reports, because the manager will ask for them
Key statistics are presented in an easy-to-understand manner. Get quick insight into how employees and departments are completing the training.
We make sure your employees take action so you don’t have to
We make your job easier by sending automated messages. Not only do we send convenient training reminders to your employees, but we also send your managers automated reports so they can see their employees’ progress.
Start today and we will train your employees to be alert to cyber threats! We increase cyber knowledge with short and easy-to-follow training videos. The training videos are in line with international information security standards.
Contact us for a no-obligation intake interview on iAWARE. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
The standards stipulate that certain management system information must be “available as documented information” and that the organisation must maintain documented information. The standard also states that you must keep documented information up to date. What does this mean?
This concerns the documents that explain and support the functioning of the information security management system. By keeping records, you show that this information has been kept up to date; this is your burden of proof. Apart from being required by the standard, it also makes it much easier for you to demonstrate your activities, for example to a certifying authority.
We have created the toolkit to help companies save the time and cost of document preparation. Our easy-to-use toolkit will help you prepare thoroughly for any certification.
Turning policy into legible documentation is quite a challenge. How do you get started with it, how do you know if it is enough, is everything equally important, how is it workable for your colleagues? These are just a few of the questions that come into play within the process of documentation.
We have developed highly useful templates for this. These templates were developed by experienced ISO and NEN specialists.
There are 60 document templates for NEN 7510, ISO 27001 and ISO 22301. The documents are already 80% pre-filled. The remaining 20% is company-specific. Purchasing this toolkit will save you a lot of time, bring structure and get you in line with the relevant standard significantly faster.
Contact us for a no-obligation intake interview on our documentation toolkit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
For organisations with multiple national and international offices, subsidiaries, partners, dealerships, profit centres or some other form of chain responsibility, it is often difficult to gain insight into whether all affiliated parties comply with centrally set standards and guidelines.
Our online compliance baseline makes this transparent in a Power App based on the Microsoft Power Platform, combined with Azure services such as SQL Server, Azure AD and Azure Blob.
If you answer the questions below with a yes, our solution could be an interesting tool for you.
GRCguard builds customised baseline measurements for all industries and is happy to help you take control. GRCguard can also assist your organisation in actual implementation, communication and reporting during a baseline measurement.
We do this in a pragmatic, constructive and transparent manner. Contact us at:
The General Data Protection Regulation (GDPR) has caused a stir in the Netherlands and abroad. This European privacy law requires companies and organisations to process personal data with due care. You must, for example, have a legitimate reason for processing third-party personal data. Also, collecting more personal data than necessary is not permitted.
The GDPR has been in effect since 25 May 2018. Around the time the legislation was introduced, almost all businesses worth their salt studied the obligations it entailed. Currently, however, it is becoming less and less of a priority in many companies. The main reasons: the rules are not always clear, and setting up and maintaining a GDPR-proof system is time-consuming. Moreover, there is little enforcement, especially within SMEs.
Nevertheless, GDPR enforcement is slowly getting stricter. The risk of a fine is especially high given the risk of a cyber attack by malicious parties. You are required to report any such cases. Malpractices uncovered as a result can be heavily fined, unless you can prove that you have complied with privacy guidelines.
During the privacy consulting process, we map out the extent to which your organisation meets all the requirements. GRCguard benchmarks your organisation against the Privacy Guidelines of the Center for Information Security and Privacy Protection (CIP). Set up by the Tax and Customs Administration, DUO Education Executive Agency, SVB Social Insurance Bank and UWV Employee Insurance Agency, the CIP stems from the Compact Civil Service programme (2011-2012).
GRCguard provides insight into the current privacy maturity level through a report and provides clearly defined improvement actions. These improvement actions are classified according to the following criteria:
With the report – if everything is in order – you can demonstrate that you correctly handle personal data of, for example, customers or employees. It makes it clear to employees which procedures are essential to remain GDPR compliant. If desired, we can include privacy management in weCOMPLY. You decide whether to outsource it or do it yourself.
Contact us for a no-obligation intake interview on privacy protection. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.