

What is GRC?

Develop a comprehensive governance, risk and compliance strategy.

Within enterprises, different departments are responsible for managing cyber risks and business goals, and for adhering to laws and regulations regarding data and information security. Without a governance, risk and compliance (GRC) strategy, all these different responsibilities will exist in silos.

Governance, risk and compliance is a combined approach that enables companies to stay abreast of business dynamics, technologies and regulation changes. Developing and deploying a GRC strategy comes with a list of benefits: reduction of silos, improved decision-making and optimised IT investments.

BT’s GRC advisory services are designed to help you adapt to changes in national and international data protection regulations and implement effective security frameworks. Our expertise covers:

  • Risk assessment and risk management – documenting your agreed risk appetite and developing a comprehensive risk management process
  • Security risk assessment – identifying and fixing gaps in existing compliance frameworks
  • Compliance testing and compliance audit – identifying gaps in existing compliance regimes, interpreting regulatory requirements and implementing appropriate frameworks.

Our GRC advisory capabilities

What are our GRC security advisory services?

BT GRC advisory services can help you implement an effective governance regime and ensure the correct level of security for your business. Our data management and compliance consultants help you with:

  • Risk assessment and risk management – using our risk assessment methodology to help you assess any risk to your critical assets and then develop strategies to help you mitigate those risks
  • Security health check – using an industry-standard framework to create a custom report showing effective and missing controls as well as any risks to your business
  • Information security management system (ISMS) creation – using our expertise to produce a detailed report that highlights what you have implemented, what’s working effectively and where further investment is required
  • Compliance testing and audit – using your audit preferences to deliver a detailed report covering any control weaknesses, the risks associated with these weaknesses and our recommendations
  • Payment Card Industry Data Security Standard (PCI DSS) – using our knowledge and expertise to help you implement PCI DSS across your organisation or validate existing PCI certifications.

Ethical Hacking

What are our Ethical Hacking services?

Our team of ethical hackers can identify your weak spots and then work with you to fix them.

In other words, we’ll pinpoint the vulnerabilities in your people’s behaviours, procedures, policies, applications and networks before the cyber criminals do. 

Our ethical hacking services are:

  • backed by accreditation, with a standardised methodology – our approach is simple and aims to answer one question: how secure are the critical systems that protect and grow your business?
  • not only delivered to our customers to protect their interests, but also used to protect our brand every day.

Why choose security advisory services with BT?

It’s not just the solution that makes the difference, but who you choose to partner with. Why choose us for GRC advice?

  • As a global enterprise that works with businesses around the world, our consultants have an excellent understanding of developing national and international data protection regulations.
  • Our global team of professionals use an impressive variety of tried and tested ‘control frameworks’ and have the expertise to deploy them effectively for your business.
  • We are accredited to perform professional services on a global scale by Lloyd’s Register Quality Assurance for the ISO 9001:2008 quality management system.