Governance, risk and compliance - GRC consulting services

BT GRC consulting services

Improve your business.

There's a natural tendency to think of risk management as a way of avoiding disaster - staying out of prison, staying out of court and staying out of the headlines. However, risk management isn't just about avoiding those disasters. If you want to succeed then risk management is vital to ensuring your business is set up to achieve its goals.

Clearly this means having a proper understanding of risk across your organisation, and how risks might threaten your corporate objectives and strategy. It requires detailed assessment, measurement and monitoring of risk. This detailed insight into the internal and external operating environment can become a key enabler for better corporate decision making. In other words, it can help you achieve your goals and deliver increased value to key stakeholders – which can come in the form of reduced compliance and operating costs, or improved business performance.

We can help you cover all aspects of the ongoing challenge of managing risk and compliance while reducing costs.

The benefits.

Following our standardised approach, our accredited and highly skilled security consultants can help you to define and create end-to-end processes around your governance, risk and compliance needs and embed these into your organisation. We are also able to help with specific GRC requirements such as implementing security awareness programs for your staff, defining a governance operating model or performing a gap analysis.  

We can also provide managed security solutions which will address requirements related to law and legislation (PCI-DSS, HIPAA, EU Data Protection Directive and Regulation, Data Protection Act, Sarbanes-Oxley Act, BASEL III, and more) or fulfill bespoke requirements.

Our credentials

Global talent
We have access to a huge pool of security talent. With over 2500 security professionals around the world, of which 500 are security consultants, you’ll have access to specialists in cyber defence, risk and compliance, application and data security and infrastructure. We can offer you the combined vast knowledge and experience of our highly skilled network security consultants alongside proven methodologies.

Breadth of experience
We are ideally placed to help with independent advice. We work with organisations such as the UK’s Ministry of Defence, who demand the highest level of protection. We have also consulted on security for large scale events such as the NATO summit and Expo Milano 2015. Our experience in the finance, manufacturing, retail, government and healthcare sectors is proven. In the field of ethical hacking and penetration testing we have more than 20 years’ experience, testing both our own networks and those of our customers.

We are accredited to deliver professional services on a global scale, meeting ISO9001:2008 quality management system standards. Our relevant accreditations include CESG CHECK, ANSSI, PASSI and the following CREST schemes: Penetration Testing and Simulated Target Attack & Response (STAR).

Joined-up defence
BT is among only a handful of Managed Security providers that also have very strong global capabilities in Information Security Consulting and IT Risk Consulting. We are also one of only a few organisations providing integrated network and security solutions. This joined-up approach means that we can look at all the elements of people, process and technology, prevent gaps and provide a joined-up strategy to protect against cyber threats.

“Risk management is about your willingness to take risks, knowing which risks to take and when to take them”.
- Laurent Borowski, Head Governance, risk and compliance - BT Security Consulting.

The details

Our approach

  • Our unique program and project management methodology is based on MSP and PRINCE2 and provides a flexible and stable set of operating procedures which are independent of organisation structure.
  • Depending on the size of the engagement, project management will be done by a consultant or a dedicated project or program manager.
  • Our proposal will include the basics of scope and deliverables and may also include managed security services, training (on-the-job), hardware and software components as well as maintenance contracts to cover hardware break/fix and/or software updates.
  • During the project, we will report status updates and, whenever needed, exception reports as well. This enables you to understand the overall progress of the project and whether critical issues have arisen.
  • The project deliverables may, depending on the scope, include design, installation and implementation documents.
  • In order to guarantee high quality output, the project deliverables go through a peer and document quality review before they are shared with you.
  • Once the project has been delivered and handed over to you, it is up to you. Understanding and managing risk while ensuring compliance requires you to be continuously focused. It is a never-ending challenge that is part of supporting a successful business.


GRC consulting services availability.

Available globally.