Support and services

Your support in good times and bad

Do you need temporary or ongoing support? Trust GRCguard for in-depth knowledge.

1

Certification support

Are you starting a certification process for the first time? Or do you have too little time to update existing certifications? Our specialists will be happy to help you set up, optimise and maintain your management system.

What we do

The GRCguard specialists manage your certification process. This process is facilitated from A to Z by means of a planning application. 

Key stakeholders get access to this application and together we ensure that the certification process runs smoothly.

Do you get stuck at crucial times due to a lack of knowledge or time? Report it to your GRCguard certification supervisor. We will help out where necessary or take control if you temporarily don’t have the capacity yourself.

What's in it for you?

  • Your products and/or services meet the relevant certifiable standard
  • Structure and stability for your employees
  • More certainty and confidence for your clients
  • Increased business efficiency and customer satisfaction

Want to know more?

Contact us for a no-obligation consultation.

In a personal meeting we will discuss:

  • Which standard is best for you
  • What ISO certification will mean for you and what you need to know
  • How the certification process will proceed
  • What we need from you to prepare a quotation
  • And you can, of course, ask any questions you may have
  • Overall cost estimate

2

Internal ISO/NEN audit

ICT is evolving rapidly and information security threats are increasing daily. Organisations are struggling to keep up. As such, it’s important to reflect on relevant developments annually. For certified organisations, this is even mandatory.

What we do

Auditing an organisation for information security is specialised work. GRCguard conducts the audit at the strategic, tactical and operational levels. This involves ICT staff and specialists, management and the executive board.

We conduct the audit thoroughly, but in the spirit of the standard. We do this with personal attention from an enthusiastic, committed and inspired team. A team with a no-nonsense mentality, that enjoys working together and acts on the basis of innovative thinking and scope for action.

We audit against the standards ISO 27001, NEN 7510, ISO 9001, BIO, PCI-DSS, ISO 27017, ISO 27018 and ISO 27701 (privacy).

What's in it for you?

  • An audit report
  • Grip on the organisation
  • Quality assurance
  • Compliance with ISO or NEN standard controls
  • PDCA assurance

Want to know more?

Then contact us for a no-obligation intake interview about an internal ISO/NEN audit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

3

Cybersecurity

Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility and privacy protection. In addition, cyber maturity improves your reputation and market position.

What we do

We help your organisation understand its current cyber maturity level. We will advise you on technical and organisational measures. If your organisation adopts this advice and implements improvement actions, we reduce the risk of a cyber attack. We take responsibility on all fronts.

What's in it for you?

With the Cybersecurity Scan, we do a scan on the ISO 27001:2022 controls: People, Technological, Physical and Organisational. You will receive a report with the status of your organisation on these controls, and recommendations to reduce risks.

Want to know more?

Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

4

Cybersecurity advice

Your organisation wants to have cybersecurity demonstrably in order. Consider, for example, chain responsibility, information security and privacy protection. In addition, cyber maturity improves your reputation and market position.

What we do

GRCguard helps raise the level of cyber maturity.

We provide advice on technical and organisational cyber measures. Examples include:

  • Choice of SIEM/SOC solution
  • Ransomware plan
  • Crisis response organisation
  • Patch and vulnerability management
  • Awareness 
  • Point security solutions
  • IAM
  • MFA
  • Pen testing

What's in it for you?

If your organisation adopts our advice and implements improvement actions, we reduce the risk of a cyber attack. In doing so, we take responsibility on all fronts.

Want to know more?

Contact us for a no-obligation intake interview on cybersecurity. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

5

iAWARE

This is an online programme we use to increase employees’ cyber awareness, reducing the likelihood of ransomware attacks or data breaches. Key components of the programme include:

  • Online training via personal dashboard
  • Management dashboard for insight into progress
  • Phishing simulation

What we do

We provide a full-service solution for your organisation with awareness preparation, execution and reporting. The key features of iAWARE are:

Brief and to the point
A high level of employee engagement is key. We have an extremely user-friendly design, easy-to-understand videos, interactive tests, and friendly notifications so that employees stay actively interested, while managers can focus on other things.

Reports, because the manager will ask for them
Key statistics are presented in an easy-to-understand manner. Get quick insight into how employees and departments are completing the training.

We make sure your employees take action so you don’t have to
We make your job easier by sending automated messages. Not only do we send convenient training reminders to your employees, but we also send your managers automated reports so they can see their employees’ progress.

What's in it for you?

Start today and we will train your employees to be alert to cyber threats! We increase cyber knowledge with short and easy-to-follow training videos. The training videos are in line with international information security standards.

Want to know more?

Contact us for a no-obligation intake interview on iAWARE. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

6

ISO 27001, 22301 and NEN 7510 Documentation Toolkit

The standards stipulate that certain management system information must be “available as documented information” and that the organisation must maintain documented information. The standard also states that you must keep documented information up to date. What does this mean?

This concerns the documents that explain and support the functioning of the information security management system. Through registration, you then show that this information has been kept up to date; this is your burden of proof. Apart from the fact that the standard requires it, this also makes it much easier for you to demonstrate your activities, for example towards a certifying authority.

We have created the toolkit to help companies save the time and cost of document preparation. Our easy-to-use toolkit will help you prepare thoroughly for any certification.

What we do

Turning policy into legible documentation is quite a challenge. How do you get started with it, how do you know if it is enough, is everything equally important, how is it workable for your colleagues? These are just a few of the questions that come into play within the process of documentation.

We have developed highly useful templates for this. These templates were developed by experienced ISO and NEN specialists.

What's in it for you?

There are 60 document templates for NEN 7510, ISO 27001 and ISO 22301. The documents are already 80% pre-filled. The remaining 20% is company-specific. Purchasing this toolkit will save you a lot of time, bring structure and get you in line with the relevant standard significantly faster.

Want to know more?

Contact us for a no-obligation intake interview on our documentation toolkit. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

7

Online compliance baseline measurement

For organisations with multiple national and international offices, subsidiaries, partners, dealerships, profit centres or some other form of chain responsibility, it is often difficult to gain insight into whether all affiliated parties comply with centrally set standards and guidelines.

Our online compliance baseline makes this transparent in a Power App based on the Microsoft Power Platform, combined with Azure services such as SQL Server, Azure AD and Azure Blob.

If you answer the questions below with a yes, our solution could be an interesting tool for you.

  1. Does your organisation need to demonstrate compliance with laws and regulations, national and international systems of standards, standards, licensing systems or proprietary Control Frameworks?
  2. Does your organisation lack visibility into local maturity levels and compliance with respect to agreements made?
  3. Does your organisation have national and international offices, partners, dealerships, profit centres or some other form of chain responsibility?

What we do

GRCguard builds customised baseline measurements for all industries and is happy to help you take control. GRCguard can also assist your organisation in actual implementation, communication and reporting during a baseline measurement.

What's in it for you?

By performing this baseline measurement, you will work towards standardisation and identify risks, giving the organisation demonstrable control of its operations. All evidence from all chain partners is stored centrally, yet separately.

We would be happy to meet with you to come up with a solution that fits your challenge.

We do this in a pragmatic, constructive and transparent manner. Contact us at:

E: info@grcguard.com
T: +31 85 130 76 02

8

Privacy advice

The General Data Protection Regulation (GDPR) has caused a stir in the Netherlands and abroad. This European privacy law requires companies and organisations to process personal data with due care. You must, for example, have a legitimate reason for processing third-party personal data. Also, collecting more personal data than necessary is not permitted.

The GDPR has been in effect since 25 May 2018. Around the time the legislation was introduced, almost all businesses worth their salt studied the obligations it entailed. Currently, however, it is becoming less and less of a priority in many companies. The main reasons: the rules are not always clear, and setting up and maintaining a GDPR-proof system is time-consuming. Moreover, there is little enforcement, especially within SMEs.

Nevertheless, GDPR enforcement is slowly getting stricter. The risk of a fine is especially high given the risk of a cyber attack by malicious parties. You are required to report any such cases. Malpractices uncovered as a result can be heavily fined, unless you can prove that you have complied with privacy guidelines.

What we offer

During the privacy consulting process, we map out the extent to which your organisation meets all the requirements. GRCguard benchmarks your organisation against the Privacy Guidelines of the Center for Information Security and Privacy Protection. Set up by the Tax and Customs Administration, DUO Education Executive Agency, SVB Social Insurance Bank and UWV Employee Insurance Agency, the CIP stems from the Compact Civil Service programme (2011-2012).

GRCguard provides insight into the current privacy maturity level through a report and provides clearly defined improvement actions. These improvement actions are classified according to the following criteria:

  • Risk
  • Lead time
  • Complexity

What's in it for you?

With the report – if everything is in order – you can demonstrate that you correctly handle personal data of, for example, customers or employees. It makes it clear to employees which procedures are essential to remain GDPR compliant. If desired, we can include privacy management in weCOMPLY. You decide whether to outsource it or do it yourself.

Would you like to make an inquiry?

Contact us for a no-obligation intake interview on privacy protection. After the meeting, we can provide an estimate in terms of lead time, impact on your organisation and cost. If desired, we can provide a quotation.

Want to start using our support and services today?
