About Us

Who We Are

GRC+ is a consultancy company, based in Amsterdam, which assists organizations in developing an integrated cycle of Governance, Risk and Compliance (GRC) initiatives. In addition to working directly with our clients, we work to develop strategic partnerships with leading security, compliance and risk assessment organizations as an enhancement of our service offerings.

We are specialized in IT Governance, Risk Assessment, audit and regulatory compliance with specific focus on ISO/IEC 27001, NCUA, FDIC, FFIEC, GLBA, Sarbanes Oxley (SOX), Payment Card Industry (PCI), GDPR, PSD 2, Personally Identifiable Information laws (PII), NIST 800-53, and Health Insurance Portability and Accountability Act (HIPAA) regulations.

What We Do

Governance

IT Governance is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization’s strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.

We establish governance frameworks around ITIL or COBIT to achieve the ability to monitor and manage your organization.

Risk Management

IT risk management is the application of risk management methods to information technology in order to manage IT risk. The establishment, maintenance and continuous update of an Information security management system (ISMS) provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.

We employ different methodologies to manage IT risks including ISO 27005, IRAM, NIST SP 800-30.

Compliance

IT Compliance means conforming to stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary.

We help our customers in respect to regulatory or industry compliance like GDPR, PSD2, SOX, HIPAA and PCI.

What Skills We Have

Our team is made up of certified experts who are dedicated to serve you in all your GRC needs. The team has experience in bringing GRC services to customers in several industries and countries worldwide and will provide you with professional and accurate support.