GRC is a management model that combines the functions of Corporate Governance, Risk Management and Regulatory Compliance and deploys them together so that each is as effective and efficient as possible. This strengthens a company's capacity to address its challenges, maximise its opportunities, optimise its performance, achieve its business targets and bring about the success of the organisation.
At Áudea we help you implement this management model and improve your company’s security and organisation.
We implement the ISO 27001 standard, a systematic process of policies, planning of activities, responsibilities, procedures, processes and resources focusing on minimising the risk associated with your company’s information assets. We analyse your company’s risks, and help you establish a Security Master Plan.
We implement the ISO 22301 standard so that, in the event of an incident or a disaster at the organisation, you can keep offering your services, keep your production processes running, and resume normal service within the shortest possible time. We help you draw up a Business Impact Analysis and establish a Continuity and Contingency Plan.
We advise on establishment of the Operator Security Plan (OSP), which must be drawn up by each critical operator and regularly updated with the approval of the National Centre for Protection of Critical Infrastructures.
We help businesses comply with the National Security System by implementing its regulations.
We implement and audit the Payment Card Industry Data Security Standard (PCI-DSS) so that compliance with the standard can be validated by the proper body, the Qualified Security Assessors (QSAs).
We ensure that both the activities of the organisation and management of IT operations are aligned to support the company’s business objectives.