On this page

Our GRC consultants have a deep understanding of the information security risks facing organisations today, and extensive experience in certification & accreditation. They can help you identify and manage these risks based on your requirements. We provide a pragmatic approach by tailoring our services to your requirements to help you achieve your goals in the most efficient way.

Our team of consultants hold a variety of professional qualifications including CISSP, COBIT, ITIL, OSCPs, PCI QSAs, ISO 27001 Lead Auditors, CISA, CISSP, CISM, and SABSA certified consultants.


Certification and Accreditation (C&A)

C&A is a fundamental governance and assurance process carried out by all New Zealand Government agencies. C&A provides confidence to stakeholders that your information and associated technology is well managed. Our consultants have a great deal of experience conducting C&As on ICT systems to identify the risks, assess that the system complies with the minimum standards and controls described in the NZISM, and that any control deficiencies have been identified, assessed and acknowledged. Our C&A engagement will provide you with a:

  • Security Risk Assessment
  • Controls Validation Plan
  • Controls Validation Audit
  • Security Certificate or an Approval to Operate memorandum

Risk Assessments

Risk assessments are critical for both government agencies and private sector businesses in New Zealand to comprehensively understand, prioritise, and manage information security risks. Our risk assessment will put these threats into context for your business and provide recommendations to manage the risk to a level that is tolerable to you. We work closely with you to:

  • Assess risk for your key information systems
  • Conduct workshops with stakeholders to understand risk scenarios and business impacts
  • Prioritise risks based on significance to your specific business needs
  • Identify a catalogue of appropriate controls for effective risk management

Security Risk Management Plan (SRMP)

A SRMP identifies risks, deficient controls, and remediation measures to manage and reduce these risks. Our GRC consultants will work closely with you to identify the risks that have not met their residual risk score, or have deficient controls, and we will outline a treatment and remediation plan for you to address, manage and reduce these risks, improving your system’s overall risk position.

Contact us

Take the next step and talk to us today.