Are you starting a certification process for the first time? Or do you have too little time to update existing certifications? Our specialists will be happy to help you set up, optimise and maintain your management system.
The GRCguard specialists manage your certification process. This process is facilitated from A to Z by means of a planning application.
Key stakeholders get access to this application and together we ensure that the certification process runs smoothly.
Do you get stuck at crucial times due to a lack of knowledge or time? Report it to your GRCguard certification supervisor. We will help out where necessary or take control if you temporarily don’t have the capacity yourself.
Contact us for a no-obligation consultation.
In a personal meeting we will discuss:
ICT is evolving rapidly and information security threats are increasing daily. Organisations are struggling to keep up. As such, it’s important to reflect on relevant developments annually. For certified organisations, this is even mandatory.
Auditing an organisation for information security is specialised work. GRCguard conducts the audit at the strategic, tactical and operational levels. This involves ICT staff and specialists, management and the executive board.
We conduct the audit thoroughly, but in the spirit of the standard. We do this with personal attention from an enthusiastic, committed and inspired team: a team with a no-nonsense mentality that enjoys working together and acts on the basis of innovative thinking and scope for action.
We audit against the standards ISO 27001, NEN 7510, ISO 9001, BIO, PCI-DSS, ISO 27017, ISO 27018 and ISO 27701 (privacy).
Contact us for a no-obligation intake interview about an internal ISO/NEN audit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
GRCguard offers a number of subscription options that can be fully customised to your needs. For example, our specialists can support your organisation one day a month or one day a week. Deployment can also be concentrated on peak periods, such as audits or annual tasks, so that it is tailored to when you actually need the capacity.
You can administratively divide the total days to be used over the contract duration, so that you are billed a fixed amount per month. We therefore offer financial clarity and predictability.
Information Security Officer
Does your organisation need to get its information security in order, but lack the expertise, experience or manpower to do so effectively and efficiently?
With the Information Security Officer as a Service subscription you can outsource all your security-related tasks to our Information Security Officers. This allows us to supplement, or fully cover, a temporary or structural shortage of resources, and Information Security Management becomes our concern.
Data Protection Officer
The Data Protection Officer monitors the application of, and compliance with, the General Data Protection Regulation within an organisation.
The statutory duties and powers of the DPO give the DPO an independent position in the organisation. The fact that the Dutch Data Protection Authority is gaining more and more powers and can issue higher fines is a powerful impetus for companies to become ‘privacy compliant’ and appoint a Data Protection Officer.
The tasks of the DPO include, for example, monitoring compliance with the GDPR and data protection policy and informing about new developments.
More specifically, the DPO provides advice with regard to Data Protection Impact Assessments (DPIAs) and ensures that awareness remains up to date. If necessary, the DPO works together with the Dutch Data Protection Authority.
With the FG (DPO) as a Service subscription you can outsource the DPO tasks to our DPOs. Privacy supervision therefore becomes our concern.
For a no-obligation consultation or further explanation, please contact us. We are happy to help you.
Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility and privacy protection. In addition, cyber maturity improves your reputation and market position.
We help your organisation understand its current cyber maturity level. We will advise you on technical and organisational measures. If your organisation adopts this advice and implements improvement actions, we reduce the risk of a cyber attack. We take responsibility on all fronts.
With the Cybersecurity Scan, we assess your organisation against the four ISO 27001:2022 control themes: People, Technological, Physical and Organisational. You will receive a report with the status of your organisation on these controls, and recommendations to reduce risks.
Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility, information security and privacy protection. In addition, cyber maturity improves your reputation and market position.
GRCguard helps raise the level of cyber maturity.
We provide advice on technical and organisational cyber measures. Examples include:
If your organisation adopts our advice and implements improvement actions, we reduce the risk of a cyber attack. In doing so, we take responsibility on all fronts.
Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
This is an online programme we use to increase employees’ cyber awareness, reducing the likelihood of ransomware attacks or data breaches. Key components of the programme include:
We provide a full-service solution for your organisation with awareness preparation, execution and reporting. The key features of iAWARE are:
Brief and to the point
A high level of employee engagement is key. We have an extremely user-friendly design, easy-to-understand videos, interactive tests, and friendly notifications so that employees stay actively interested, while managers can focus on other things.
Reports, because the manager will ask for them
Key statistics are presented in an easy-to-understand manner. Get quick insight into how employees and departments are completing the training.
We make sure your employees take action so you don’t have to
We make your job easier by sending automated messages. Not only do we send convenient training reminders to your employees, but we also send your managers automated reports so they can see their employees’ progress.
Start today and we will train your employees to be alert to cyber threats! We increase cyber knowledge with short and easy-to-follow training videos. The training videos are in line with international information security standards.
Contact us for a no-obligation intake interview on iAWARE. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
The standards stipulate that certain management system information must be “available as documented information” and that the organisation must maintain documented information. The standard also states that you must keep documented information up to date. What does this mean?
This concerns the documents that explain and support the functioning of the information security management system. Records then show that this information has been kept up to date; they carry the burden of proof. Besides the fact that the standard requires this, it also makes it a lot easier for you to demonstrate your activities, for example towards a certifying authority.
We have created the toolkit to help companies save the time and cost of document preparation. Our easy-to-use toolkit will help you prepare thoroughly for any certification.
Turning policy into legible documentation is quite a challenge. How do you get started with it, how do you know if it is enough, is everything equally important, how is it workable for your colleagues? These are just a few of the questions that come into play within the process of documentation.
We have developed highly useful templates for this. These templates were developed by experienced ISO and NEN specialists.
There are 60 document templates for NEN 7510, ISO 27001 and ISO 22301. The documents are already 80% pre-filled. The remaining 20% is company-specific. Purchasing this toolkit will save you a lot of time, bring structure and get you in line with the relevant standard significantly faster.
Contact us for a no-obligation intake interview on our documentation toolkit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
For organisations with multiple national and international offices, subsidiaries, partners, dealerships, profit centres or some other form of chain responsibility, it is often difficult to gain insight into whether all affiliated parties comply with centrally set standards and guidelines.
Our online compliance baseline makes this transparent in a Power App built on the Microsoft Power Platform, combined with Azure services such as SQL Server, Azure AD and Azure Blob Storage.
If you answer the questions below with a yes, our solution could be an interesting tool for you.
GRCguard builds customised baseline measurements for all industries and is happy to help you take control. GRCguard can also assist your organisation in actual implementation, communication and reporting during a baseline measurement.
We do this in a pragmatic, constructive and transparent manner. Contact us at:
The General Data Protection Regulation (GDPR) has caused a stir in the Netherlands and abroad. This European privacy regulation stipulates that companies and organisations must process personal data with due care. You must, for example, have a legitimate reason for processing third-party personal data. Collecting more personal data than necessary is also not permitted.
The GDPR has been in effect since 25 May 2018. Around the time the legislation was introduced, almost all businesses worth their salt studied the obligations it entailed. Currently, however, it is becoming less and less of a priority in many companies. The main reasons: the rules are not always clear, and setting up and maintaining a GDPR-proof system is time-consuming. Moreover, there is little enforcement, especially within SMEs.
Nevertheless, GDPR enforcement is slowly getting stricter. The risk of a fine is heightened by the risk of a cyber attack by malicious parties, because you are required to report such incidents. Malpractices uncovered as a result can be heavily fined, unless you can prove that you have complied with privacy guidelines.
During the privacy consulting process, we map out the extent to which your organisation meets all the requirements. GRCguard benchmarks your organisation against the Privacy Guidelines of the Center for Information Security and Privacy Protection. Set up by the Tax and Customs Administration, DUO Education Executive Agency, SVB Social Insurance Bank and UWV Employee Insurance Agency, the CIP stems from the Compact Civil Service programme (2011-2012).
GRCguard provides insight into the current privacy maturity level through a report and provides clearly defined improvement actions. These improvement actions are classified according to the following criteria:
With the report – if everything is in order – you can demonstrate that you correctly handle personal data of, for example, customers or employees. It makes it clear to employees which procedures are essential to remain GDPR compliant. If desired, we can include privacy management in weCOMPLY. You decide whether to outsource it or do it yourself.
Contact us for a no-obligation intake interview on privacy protection. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.
When forming contracts, a security check is a crucial step to ensure that all parties involved are protected against possible (cyber) threats.
This process involves assessing the IT systems, processes and data involved in the contract to identify vulnerabilities and risks.
It is important to have a clear picture of which security measures are already in place and which ones still need to be implemented.
An effective security check in contract formation consists of:
Performing a thorough independent security check is not only important for immediate security, but also helps build trust between the contracting parties and strengthen the overall cyber resilience of the organisations involved. It is an investment that pays off in the long run in both security and business continuity.
We do this in a pragmatic, constructive and transparent manner.