Consulting Services

We extend implementation consulting on a wide variety of standards, frameworks, business areas and regulations and laws as required by the client organisations. We work across domains and industry sectors. 

We handhold the client organisations till they achieve their intended results. 

The sectors we work with:

  • Information Technology - IT Services Organisations, Product Development Organisations and Hybrid Organisations having multiple verticals

  • ITeS 

  • Supply chain

  • Logistics

  • Manufacturing

  • Medical devices / Pharma 

 

Integrated Management Systems (IMS)

Many organisations need to implement multiple management systems or frameworks. We help organisations create integrated management systems rather than building siloed systems that do not interact with each other. An integrated management system drastically reduces an organisation's overhead.

Project, Human Resources, Sourcing, Administration, Legal / Regulatory Risk Management

Risk management is an integral part of any project activity. Risk management activities need to be performed in parallel with project delivery activities. Depending on the type and nature of the project, we recommend an appropriate methodology for risk assessment and treatment.

Apart from the enterprise risk, project risk or information risk management, we also provide advisory on various other areas in an organisation.

Business Continuity and Disaster Recovery (Business Resilience) Management

We extend our advisory services on building good resiliency mechanisms and a continuity management system for disaster or emergency situations. We use best practice frameworks and industry-accepted, proven standards like ISO 22301:2019, BCI or DRI recommended practices to build a BCMS.

Quality Management System (QMS)

A Quality Management System is an inevitable part of any organisation in whichever form it exists. It comprises many elements: performance management and conformance management at the highest level, then security management, service management and so on. GRC Mentor helps an organisation build a robust QMS incorporating the required and relevant elements.

Our focus areas:

IT Service Management

ITIL v3 / ITIL 4

ISO/IEC 20000-1:2018

CMMi Svc 2.0

FitSM

VeriSM

Any organisation that is into service delivery and support should have a good service management system based on a best practice framework. 

GRC Mentor helps create a workable and effective service management system in a high-velocity, digital world.

Third party certification arrangements.

Information Security

ISO/IEC 27001:2013

PCI DSS

NIST Cybersecurity Framework

Creation of an information security management system (ISMS) based on the above standards or as required by the organisation. 

End-to-end project management with recommendations for risk mitigation actions, including technology planning.

Third party certification arrangements.

Enterprise Risk Management

ISO 31000:2018

COSO ERM

Enterprise risk management plays a major role in enterprise governance. 

GRC Mentor helps an organisation create an overall risk management framework and tailored process depending on the organisational context.

 

The framework will leverage risk management principles and ensure all required internal controls are in place. This helps an organisation to efficiently achieve its objectives.

Enterprise IT Governance

COBIT 5 / COBIT 2019

ISO/IEC 38500:2015

Enterprise IT Governance is enabled by various factors that include alignment of IT to the enterprise strategies and objectives.

The term Governance points to the achievement of objectives at various levels in the organisation.

We help organisations build their IT governance framework well aligned to enterprise objectives.

Business Continuity Management

ISO 22301:2019

Building enterprise resiliency mechanisms based on business needs and risk appetite is vital for any organisation today because of the uncertainties that exist in any environment.

GRC Mentor helps an organisation build its BCP and DRP based on the RPO, RTO and SDO arrived at by performing a detailed BIA, and helps define the strategies needed to meet business requirements in line with customer needs.

Data Privacy

EU GDPR

PDPA

CCPA

GLBA, HIPAA, others

Data privacy protection is essential for any organisation today due to the increased awareness and regulations. 

GRC Mentor will identify the compliance requirements, build the necessary systems that suit an organisation based on its needs and help roll them out. Privacy Impact Assessments, Data Mapping and Policy definitions are all supported by GRC Mentor for any kind of organisation.

IT/InfoSec Risk Management

ISO 27005:2018

NIST Risk Management Framework

A very important element in ISMS creation is deciding on the most appropriate method for risk management. Various frameworks are available for this in the industry today. Depending on the organisation's specific needs and context, a methodology has to be developed.

GRC Mentor helps an organisation adopt and adapt the most suitable methodology for infosec risk management.

Compliance Management

SOx

FDA QSR, GxP

A Compliance Management System is a need of any organisation anywhere in the world. GRC Mentor helps an organisation build its CMS incorporating all its specific compliance needs.

Compliance needs are both common and industry/sector/location specific. We help you build a comprehensive system to take care of all the compliance requirements, including legal, regulatory and contractual needs.

CISO Advisory Services

Supporting CISOs in defining the right Information Security Strategy, determining a robust Risk Management Method, arriving at the right decision on Technology or creating an ISMS, and identifying the relevant compliance requirements.

Security Risk Assessment

Technology Decisions

Security Strategy

© GRC Mentor 2020. All Rights Reserved.