Compliance as a Service

Information Security and data protection can be a complex and comprehensive matter, and you can easily lose track and overview of your compliance work.

With our Compliance as a Service, we advise all kinds and sizes of organizations on information and cyber security matters related to ISO 27001/2, GDPR, NIS2, TISAX, etc.

Reach out and book a free online discovery call to get advice on your compliance challenges - even without being a NorthGRC platform customer.

On this page, you can find an overview of the IT security consultancy services that we typically solve and advise on.

Call us at +45 70 25 80 30 or book an online meeting.
Together, we'll make a plan.

Compliance as a Service

Typically long-term projects

ISMS implementation, development, and maintenance

We advise on and prepare risk assessments, SoA, security rules and processes, awareness, education, internal audit, etc.

We can also help you with the supporting project and task management process.

Implementation of other standards and industry requirements

We ensure supported and integrated mapping of other standards than ISO 27001/2, NIS2, DORA, CIS 18, TiSAX, and GDPR in our GRC platform.

Examples of other standards are NCIS, NIST-53, NIST-171, ISO 22301, Nerc, GAMP5, GxP, PIC/s, and PCI.

GDPR consultancy

Identification and documentation of data processing activities, documentation, and protection of the data subject's data and rights, data processing agreements, control measures, decision-making on the GDPR requirements, data transfer to other countries/Transfer Impact Assessment (TIA), data breach, etc.

We ensure that you have a solid management system to comply with the requirements and laws within GDPR in an easy and efficient way.

Interim CISO or DPO services

We form the full overview, take responsibility, and help your company to be compliant.

We maintain a possible certification, carry out document review, and practical security management, improve and develop the current setup, and management review as well as follow-up on incidents, CAPAs, risk assessments, KPIs, etc.

ISAE Assurence service

We enable you to obtain an ISAE 3000 or ISAE 3402 declaration by preparing documentation and establishing or adapting risk assessments, SoA, rule descriptions, and security processes.

NIS2 consultancy

Is your company required to comply with the NIS2 directive, and do you need help getting started with the compliance project?

Our IT security advisors can help you comply with the NIS2 requirements. We help you become compliant in time.

ISO 27001 certification

If you need to be ISO 27001 certified, we will help you all the way to the end goal. We have advised and assisted many clients achieve and maintain their certification.

Compliance as a Service

Typically individual tasks and short-term projects

ISO 27001 maturity assessment

We make an analysis of your IT systems, infrastructure, and security processes. We assess your maturity level and make recommendations to reach compliance level or ISO 27001 certification.

IT Business Continuity Plan
& Disaster Recovery Plan

We establish and develop your IT BCP and DRP.

We advise on and conduct risk assessments, Business Impact Analysis, policies, processes, and the annual compliance plan to relevant standards and best practices. We ensure the completion of relevant tests, including documentation.

Management tasks

We conduct an analysis of and advise on processes, measurement, and reporting, and we clarify roles and responsibilities and assess resources.

Internal awareness and training in ISO 27001/2, GDPR, NIS2, and other standards

Awareness and training programs and activities as well as analysis and reporting of the area are an important part of being compliant. Therefore, we help you set up the right processes and workflows for your business.

IT risk analysis and assessment

When we consult you in IT risk analysis and assessment, the plan we make is fully customizable to your business and organization.

We typically assist with building a threat catalog, classification model, and asset hierarchy. As well as reporting and deciding on risk appetite or migrating activities.

Internal audit of your information security, GDPR and NIS2

We typically establish a three-year internal audit program where we help with the selection and evaluation of controls, processes, and measures as well as reporting, documentation, and recommendations for handling non-conformances.

Purchase an hourly pre-paid consultancy card and use it as you see fit

If you need assistance from our advisors on multiple projects, it can be beneficial for you to purchase one of our hourly pre-paid consultancy cards to leverage the flexibility and value it gives you. Use it on what and when you want.

The hourly pre-paid consultancy card can be used on all kinds of consultancy services and can be purchased with the number of hours you need. 

The more hours you pre-pay for the more discount you obtain.

Let's have a quick chat and discuss your challenges.

Choose the time that suits you best and fill in the form. At the meeting, we uncover your real needs and make a plan.

You can also always call us at +45 70 25 80 30

air greenland
dolphinics logo