
GRC Consulting

Governance, Risk & Compliance services that help organisations establish frameworks, identify risks, implement controls, and demonstrate compliance to regulators, auditors, and customers.

Governance

Security policies, procedures, defined roles, and accountability structures aligned to ISO 27001, COBIT, and GDPR.

Risk Management

Systematic assessments using ISO 27005, NIST 800-30, and OCTAVE. Risk registers, treatment plans, residual risk quantification.

Compliance

Framework gap assessments, remediation roadmaps, ongoing compliance monitoring and audit management.

Frameworks Covered

ISO 27001:2022, ISO 27005, NIST 800-30, NIST 800-53, PCI-DSS v4.0, COBIT 2019, GDPR, OCTAVE, SOC 2

Powered by Defend360

SPG's GRC consulting practice is backed by Defend360 — our own AI-powered GRC platform. Clients can have their compliance posture managed and monitored continuously in Defend360, not just assessed and filed away.
