_edited.png)
Consulting Services
We extend implementation consulting on a wide variety of standards, frameworks, business areas and regulations and laws as required by the client organisations. We work across domains and industry sectors.
We handhold the client organisations till they achieve their intended results.
The sectors we work with:
-
Information Technology - IT Services Organisations, Product Development Organisations and Hybrid Organisations having multiple verticals
-
ITeS
-
Supply chain
-
Logistics
-
Manufacturing
-
Medical devices / Pharma
Integrated Management Systems (IMS)
Many organisations will be in need of implementing multiple management systems or frameworks. We help organisations create integrated management systems rather than building siloed systems that do not interact with each other. Integrated management system helps an organisation's overhead drastically.
Project, Human Resources, Sourcing, Administration, Legal / Regulatory Risk Management
Risk management is an integral part of any project activity. In parallel to the project delivery activities, risk management related activities also to be performed. Depending on the type and nature of the project, we recommend appropriate methodology for risk assessment and treatment.
Apart from the enterprise risk, project risk or information risk management, we also provide advisory on various other areas in an organisation.
Business Continuity and Disaster Recovery (Business Resilience) Management
We extend our advisory services on building good resiliency mechanisms and continuity management system for disaster or emergency situations. We use best practice frameworks and industry accepted, proven standards like ISO 22301:2019, BCI or DRI recommended practices to build BCMS.
Quality Management System (QMS)
Quality Management System is an inevitable part of any organisation in whichever form it exists. It actually comprises of many elements that include performance management, conformance management at the highest level, then, security management, service management and so on. GRC Mentor help an organisation build a robust QMS incorporating many required and relevant elements.
Our focus areas:
IT Service Management
ITSM Good Practice Frameworks
IS/IEC 20000-1:2018
CMMi Svc 2.0
FitSM
VeriSM
Any organisation that is into service delivery and support should have a good service management system based on a best practice framework.
GRC Mentor helps creating a workable and effective service management system in high velocity, digital world.
Third party certification arrangements.
Information Security
ISO/IEC 27001:2022
PCI DSS
NIST Cybersecurity Framework
Creation of an information security management system (ISMS) based on the above standards or as required by the organisation.
End to end project management with risk mitigation actions recommendations including technology planning.
Third party certification arrangements.
Enterprise Risk Management
ISO 31000:2018
COSO ERM
Enterprise risk management plays a major role in enterprise governance.
GRC Mentor helps an organisation create an overall risk management framework and tailored process depending on the organisational context.
The framework will leverage on risk management principles and ensure all required internal controls are in place. This helps an organisation to efficiently achieve its objectives.
Enterprise IT Governance
COBIT 5 / COBIT 2019
ISO/IEC 38500:2015
Enterprise IT Governance is enabled by various factors that include alignment of IT to the enterprise strategies and objectives.
The term Governance point to the achievement of objectives at various levels in the organisation.
We help organisations build their IT governance framework well aligned to enterprise objectives.
Business Continuity Management
ISO 22301:2019
Building enterprise resiliency mechanisms based on the business needs and risk appetite is very vital for any organisation today because of the uncertainties that exist in any environment.
GRC Mentor help an organisation build their BCP and DRP based on the RPO, RTO and SDO that are arrived at by performing a detailed BIA and help define the strategies needed to meet business requirements aligning to their customer needs.
Data Privacy
EU GDPR
PDPA
CCPA
GLBA, HIPAA, others
Data privacy protection is essential for any organisation today due to the increased awareness and regulations.
GRC Mentor will identify the compliance requirements, build necessary systems that suits an organisation based on its needs and help roll out. Privacy Impact Assessments, Data Mapping, Policy definitions - all supported by GRC Mentor for any kind of an organisation.
IT/InfoSec Risk Management
ISO 27005:2022
NIST Risk Management Framework
A very important element in ISMS creation is deciding on the most appropriate method for risk management. Various frameworks are available for the same in the industry today. Depending on the orgaisation's specific needs and context, a methodology has to be developed.
GRC Mentor helps an organisation in adopting and adapting the most suitable methodology infosec risk management.
Compliance Management
SOx
FDA QSR, GxP
Compliance Management System is a need of any organisation anywhere in the world. GRC Mentor helps an organisation building their CMS incorporating all their specific compliance needs.
The compliance needs are common and industry/sector/location specific. We help you build a comprehensive system to take care of all the compliance requirements that include legal/regulatory/contractual needs.
CISO Advisory Services
Supporting CISOs on defining the right Information Security Strategy, determining a robust Risk Management Method, arriving at the right decision on Technology or create an ISMS, identifying the relevant compliance requirements