Governance, Risk, Compliance (GRC) is a Strategic Business Asset


Our Expertise

GRC as a Service (GRCaaS) consulting services help your organization meet regulatory and industry mandates while protecting sensitive data across your IT infrastructure. We draw on our GRC offerings, individually or holistically, to customize solutions to your specific needs. We strive to position GRC as a strategic business asset within your organization to help protect your brand.

Are you:

  • just beginning your IT security or compliance initiatives?
  • advanced in your implementation maturity and looking for a fresh set of eyes to assess how secure your critical data is?
  • altering your compliance and cyber risk profile by omitting proper due diligence before closing on acquisitions?
  • in need of a virtual CISO on an "as needed" basis?

GRCaaS can address all of these needs and more. We provide high-impact compliance gap analyses and IT risk assessments across multiple industries, addressing compliance, security and privacy risk exposures with an actionable remediation plan. Clients "pick and choose" from our menu of services to augment their operations and remediate gaps involving the people, processes and technologies most at risk.


Featured Service - Incident Response Plans & Readiness Training

Not sure what to do if you suspect a data breach or cyber attack? We can help you develop a Computer Security Incident Response Plan (CSIRP) and train your incident response team with tabletop exercises that prepare them for the steps to take if a security incident occurs. Our training is tailored to your IT environment and your handling of sensitive data.


Sustainable Compliance, Security & Privacy

Evolving technologies, threats, regulatory laws and business growth require ongoing GRC efforts. Our GRCaaS Calendar™ provides a customized roadmap of the tasks required, and how often they must be performed, to minimize the risks relevant to your needs. Our "As a Service" model enables predictable budgeting of bundled services to help you meet your ongoing security and compliance requirements or certification goals.

What Differentiates Us?


Layered Security Solutions

GRCaaS organizes its gap analyses and assessments of risks, threats and vulnerabilities by the 7 Domains of a Typical IT Infrastructure (©2019), as defined in the book co-authored by our founder, David Kim, "Fundamentals of Information Systems Security, 3rd Edition." The 7-Domains concept allows layered security solutions to be implemented across similarly organized IT roles and responsibilities.



Our high-impact gap analyses and risk assessments focus your dollars on the solutions (short-term and long-term) rather than on identifying and describing the issues and problems. Our remediation budgets integrate your internal capabilities with our expertise in a hybrid, economical solution.


Simultaneous Multi-Regulatory Mapping

Our expertise spans multiple industries and regulatory compliance laws and standards (e.g., HIPAA, PCI DSS, FFIEC, NIST, ISO). This enables us to map our analysis, findings and recommendations across regulations at once, in a synthesized manner that eliminates redundancies and cost-effectively consolidates the remediation resources needed.