Governance Risk and Compliance (GRC) advisory services

Overview

What is GRC?

Develop a comprehensive governance, risk and compliance strategy.

Within enterprises, different departments are responsible for managing cyber risks, business goals and adhering to laws and regulations regarding data and information security. Without a Governance, risk, and compliance (GRC) strategy, all these different responsibilities will exist in silos.

Governance, risk, and compliance is a combined approach, that enables companies to stay abreast of business dynamics, technologies and regulation changes. Developing and deploying a GRC strategy comes with a list of benefits: reduction of silos, improved decision-making and optimised IT investments.

BT’s GRC advisory services are designed to help you adapt to changes in national and international data protection regulations and implement effective security frameworks. Our expertise covers:

• Risk assessment and risk management - document your agreed risk appetite and develop a comprehensive risk management process
• Security risk assessment – identifying and fixing gaps in existing compliance frameworks
• Compliance testing and compliance audit – identifying gaps in existing compliance regimes, interpreting regulatory requirements and implementing appropriate frameworks.

Our GRC advisory capabilities

What are our GRC security advisory services?

BT GRC advisory services can help you implement an effective governance regime and ensure the correct level of security for your business. Our data management and compliance consultants help you with:

• Cyber risk quantification - using SAFE Security to quantify your risk across the 5 areas of people, process, technology, cybersecurity products and supply chain.
• Security health check – using an industry-standard framework to create a custom report showing effective and missing controls as well as any risks to your business
• Information security management system (ISMS) creation – using our expertise to produce a detailed report that highlights what you have implemented, what’s working effectively and where further investment is required
• Compliance testing and audit  –  using your audit preferences to deliver a detailed report with any control weaknesses, risks associated with these weaknesses as well as our recommendations
• Payment Card Industry Data Security Standards (PCI-DSS) – using our knowledge and expertise to help you implement PCI DSS across your organisation or validate existing PCI certifications.

Ethical Hacking

What are our Ethical Hacking services?

Our team of ethical hackers can identify your weak spots and then work with you to fix them.

In other words, we’ll pinpoint the vulnerabilities in your people’s behaviours, procedures, policies, applications and networks before the cyber criminals do. 

Our ethical hacking services are:

• backed by accreditation with standardised methodology - our approach is simple and aims to answer the question - how secure are the critical systems that protect and grow your business?
• not only delivered to our customers to protect their interests, but are also used to protect our brand every day.

Cyber risk quantification with SAFE

Manage cyber risk consistently across your estate and make informed decisions to securely achieve your business objectives with our cyber risk quantification service using Safe Security.

What is Cyber risk quantification with SAFE?

Cyber risk quantification with SAFE provides a way of objectively measuring your cyber risk in-real time and calculating the potential financial impact of a cyber breach on your operations. It takes into account every element that can impact your risk profile and applies data science principles to quantify your risk across people, processes, technology, cybersecurity products and supply chain.

Delivered by our Security Advisory Services team, our cyber risk quantification service helps you:

• Track progress over time and benchmark risks between different applications, business units or even separate organisations.
• Visualise and report on cyber risk to senior stakeholders in business language.
• Demonstrate the need for investment in specific areas and the risk mitigation impact of this investment.
• Increase work efficiencies by automating manual assessments and eliminating the need for monitoring through multiple applications and platforms.

You’ll also benefit from a set of actionable insights on how to improve your cyber risk posture and prioritise the resources needed to address the most impactful security gaps.

Why choose security advisory services with BT?

It’s not just the solution that makes the difference, but who you choose to partner with. Why choose us for GRC advice?

• As a global enterprise that works with businesses around the world, our consultants have an excellent understanding of developing national and international data protection regulations.
• Our global team of professionals use an impressive variety of tried and tested ‘control frameworks’ and have the expertise to deploy them effectively for your business.
• We are accredited to perform professional services on a global scale by Lloyd’s Register Quality Assurance for the ISO9001:2008 quality management system.