About Us


Experience You Can Count On

GRC as a Service (GRCaaS) was established by Mr. David Kim, a leading industry expert in information security and regulatory compliance requirements. GRCaaS is headquartered in the greater Philadelphia area with a primary location in the Washington, DC metro area.

 

Our certified principal consultants have decades of experience working in various industry verticals for both the private and public sectors. We assign industry experts to our GRC consulting projects in the role of principal consultant or project leader to ensure that appropriate subject matter expertise is combined with technically competent compliance, security, or privacy consultants.


Clients and Partnerships

GRCaaS sells consulting and engineering services to private sector enterprise organizations with multiple regulatory requirements in various industry verticals, small and medium-sized businesses (SMBs), and the public sector.


To introduce our services, we often work through channel partners using our wholesale GRC solution offering. These partners include hardware/software value-added resellers, cloud and hosting service providers, security systems integrators, telecommunications service providers, and various advisory firms.


Our Vision

GRCaaS strives to position GRC as a strategic business asset within your organization to sustainably protect your brand from data breaches and non-compliance with regulatory laws.


Evolving technologies; new risks, threats, and vulnerabilities; changes to your IT infrastructure; certification goals; and acquisition activities all require ongoing GRC efforts.


GRCaaS can help customize your compliance and security management requirements and display them in a custom GRCaaS Calendar™ that defines the cadence of tasks recommended and required by your industry. Our GRCaaS Calendar™ and strategic plans (e.g., remediation, system security, or certification plans) provide a roadmap for achieving your ongoing GRC objectives with predictable budgeting based on your internal capabilities and timelines.