
GRC Consulting

Governance, Risk & Compliance programs that protect your business and satisfy your auditors.

Starting from $4,500 USD (scope-dependent)

8–20 weeks · Dedicated senior consultant · EN/FR delivery

Overview

Regulatory pressure is intensifying across every industry. We help you build GRC programs that are genuinely effective — not checkbox exercises. Whether you are preparing for ISO 27001, SOC 2, NIST CSF, or a sector-specific audit, we deliver a framework your teams can own and maintain long after the engagement ends.

What we cover

Every engagement is tailored to your needs — pick one module or combine them.

ISO 27001 Readiness

Gap analysis, Statement of Applicability, risk treatment plan, and control implementation roadmap aligned to Annex A.

SOC 2 Type I & II Preparation

Trust Services Criteria mapping, evidence collection, control testing, and pre-audit readiness assessment.

NIST CSF & CMMC Alignment

Framework mapping, maturity scoring, and a prioritised roadmap for US federal and DoD supply chain requirements.

Policy & Procedure Library

Drafted, reviewed, and customised security policies, procedures, and standards aligned to your chosen framework.

Risk Register & Treatment Plan

Business-contextualized risk identification, likelihood/impact scoring, and a treatment plan with ownership assignments.

Security Awareness Training

Tailored training sessions for executives, managers, and technical teams — in English or French.

Included deliverables

Current-state gap analysis report
Risk register with business-impact scoring
Policy & procedure library (customised)
Controls implementation roadmap
Evidence collection templates & tracker
Audit preparation & evidence packages
Vendor and third-party risk assessment
Executive-level compliance dashboard

Our process

1. Scoping & baseline

We define the target framework, audit scope, and assess your current compliance posture.

2. Risk assessment

Structured risk identification workshops with your key stakeholders to build a business-contextualized risk register.

3. Framework design

Policy authoring, control selection, and a realistic implementation roadmap with clear ownership.

4. Implementation support

Hands-on guidance during rollout, evidence collection, and pre-audit readiness validation.

Frequently asked questions

Which compliance frameworks do you cover?

We cover ISO 27001, SOC 2 (Type I & II), NIST CSF (1.1 and 2.0), CMMC, HIPAA Security Rule, PCI-DSS, GDPR, and Texas TDPSA. We also work with sector-specific frameworks on request.

Does a GRC engagement guarantee certification?

No. Certifications are awarded by accredited third-party auditors, not by us. Our work prepares you to the highest standard so you enter the audit in the strongest possible position — but we cannot guarantee an auditor's outcome.

Can you help us maintain compliance after the initial engagement?

Yes. We offer ongoing advisory retainers for annual review cycles, evidence refresh, and responding to changes in the regulatory landscape.

Start your project

Tell us about your situation — we'll get back to you within 48 hours.