IT GRC Services
IT GRC SERVICES
Generix Consultants have years of experience helping organizations to implement audit, risk and compliance related to ISO27001, ISO20000 and ISO22301 around the world. Generix increased focus on accountability have led enterprises to pursue a broad range of governance, risk and compliance initiatives across the organization.
Using our expertise to overcome roadblocks and accelerate your project initiatives, you can free up your own team to focus on what’s most important— managing your risks, executing on projects and resolving potential weaknesses and deficiencies in your internal control environment and core business processes.
Why choose Generix?
- Generix has a proven implementation methodology that uniquely combines governance, risk and compliance know-how with the change management and technical skills needed for success in any business environment.
- Generix consultants can help you to implement risk management process which provides a strategic orientation for companies of all sizes in all geographies with a formal process to identify, measure and manage risk.
- We’ve assisted number of organizations and have years of experience implementing data driven risk and compliance programs, analytic-enabled audits, and continuous monitoring systems.
- In order to articulate what makes a solution a GRC solution, we lay out a GRC solution framework. This framework identifies a comprehensive set of capabilities of a GRC solution and provides organizations a benchmark and assess its maturity.
- Unparalleled practical knowledge gained from senior roles in governance, risk and compliance in industry and government, public auditing and technology implementation and management.
Whether your challenges lie in the areas of risk management or monitoring, audit project management, controls monitoring, or compliance – or within the specific regulatory and operating environments unique to industries such as Government, SME’s and Financial sector– Generix Consultants can help you implement solutions uniquely suited to your organization’s needs.
Many consultants attempt to roll out a cookie-cutter approach to all organizations because they do not understand the significance of the current business processes and drivers. Don’t let that happen to your organization. Develop your security program correctly the first time!
ISO27001 Information Security Management Systems (ISMS) Audit and Certification
With the increase in opportunities to do business globally and the increased flow of information combined with the increase in sophistication of information security attacks, there is an urgent need to protect the confidentiality, integrity and availability of information.
Security products provide protection against damage to information, but they need to be supplemented with a monitoring mechanism. If you want your partners and customers to trust your information you need an Information Security Management System (ISMS).
An Information Security Management System (ISMS) helps determine how information is processed, stored, transferred, archived and destroyed. A secure ISMS is one which ensures:
- Confidentiality: only those who are authorized to see the information have access
- Integrity: accuracy and completeness of information is safeguarded by robust sourcing, processing, updating and storage processes
- Availability: authorized users have access to information and associated assets, in the required forms, when they need it.
An International standard for Information Security Management
The Standard ISO/IEC 27001 enables organizations to align with global Standards of best practice information security management. They offer organizations a practical framework and functional guidelines to assist with the improvement of information security and to be recognized accordingly – worldwide.
ISO 27001 is now globally recognized as the standard against which organizations can be certified to.
Generix – Auditing and certification to ISO/IEC 27001
Generix auditors independently assess important areas of your operations. They approve the scope of certification and review your ISMS at regular intervals seeking clarification and evidence that your goals and obligations are met and then report on the status of your system.
These reports will enable you to make decisions or take action in a timely manner to give you the confidence that your information security commitments are being met.
Whether you are looking for scoping, training, risk assessment, milestone review or certification, Generix has a solution to meet your needs including:
- Risk or Gap Assessment
- Certification to the recognized international standard ISO/IEC 27001:2013 or industry recognized standards such as PCI-DSS
- Independent checks that claims you make on compliance statements can be verified.
ISO20000 IT Service Management Systems (SMS) Audit and Certification
IT Service Management System sounds easy, but choosing the right model and solution can be key to your stakeholders and critical to your business.
The recently updated Information Technology Information Library (ITIL) Version 3 has a life cycle approach, similar to the Plan, Do, Check, Act (PDCA) cycle with, a strong focus on continual service improvement.
To successfully implement ITIL, you’ll need a management system to monitor and track compliance of Service Level Agreements (SLAs) with your customers. An Information Technology Service Management System (ITSMS) is a great foundation.
ISO/IEC 20000-1:2011 can be used as the criteria upon which to develop an ITIL based service improvement program for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ITSMS framework.
Whether you are looking for scoping, risk assessment, milestone review or certification, Generix has the following solutions:
- Risk Assessment, Gap Assessment and Milestone Review
- Certification to the international standard ISO/IEC 20000-1:2005 or Compliance with industry recognized standards such as ITIL
- Independent assessment and reports against your systems
- Independent checks to verify that claims you make on compliance statements, board reports can be verified.
Generix’s expert auditors and accredited certification processes provide IT service managers with the ability to demonstrate that their IT services meet international standards of best practices.
ISO22301Business Continuity Management Systems (BCMS)Audit and Certification
Business Continuity Management System (BCMS) is essential for organizations to minimize the risks to their business. BCMS puts in place the people, processes and technologies to secure critical information assets, minimizing the impact to operations in the event of an incident.
ISO 22301 is the international Business Continuity Management Systems (BCMS) standard. It specifies the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. ISO 22301 replaced the old BS 25999-2 business continuity standard in 2012.
The business benefits from ISO 22301 certification are substantial. Not only does this standards help ensure that your Business Continuity risks are cost-effectively managed, but your adherence to the standards transmits an important message to your customers and business partners. ISO 22301 plays a very important role in monitoring, review, maintenance and improvement of your Business Continuity Management System and will likely give other organizations and customers greater confidence in all the ways they interact with you.Once the Risk Frameworks are identified and in place, continuous monitoring and assessment of the risk to the identified assets ensures management have an up to date view of the risk universe.
Our approach to ISO 22301 engagements in the majority of cases is to first carry out a Gap Analysis of the organization against the clauses and controls of the standard. This will provide a clear picture where you already conform to the standard, where there are some controls in place but there is room for improvement and where controls are missing and need to be implemented. For some organizations this will be the extent of the assistance required.
Following the Gap Analysis and debrief, you may require additional assistance by way of advice and guidance and project management of implementation of suitable controls and documentation required to meet the standard, in preparation for external certification.
Generix Consultants assists and advises organizations on the following:
- On-going Risk Management
- Continuous monitoring of risks
- Continuous and on-going audit
- Business Continuity Management
- ISO 27031 – ICT continuity best practice
- Disaster Management