Alan Calder, CEO
As organisations moved to remote working due to the COVID-19 pandemic, the number of data breaches has surged. Cyber criminals have taken advantage of this situation to launch sophisticated cyber attacks on every industry. For any organisation handling sensitive data, security and privacy are imperative - even a small error can have huge repercussions.
Recognising this, many organisations turn to specialists for support. Ely-based GRC International Group (GRCI Group) combats these challenges by providing products and services to holistically address organisations’ IT governance, risk management and compliance requirements. “Our ambition is to be the business world’s go-to resource for managing and controlling cyber and privacy risk,” says Alan Calder, GRCI Group CEO. “We have the most comprehensive integrated product and service portfolio.”
The Group recently launched Cyber Security as a Service (CSaaS) and Privacy as a Service (PaaS), which allow organisations to effortlessly and cost-effectively integrate all their cyber security and privacy requirements. Offered as an affordable annual subscription service, CSaaS is an outsourced model of cyber security and risk management that enables organisations to address their cyber risks quickly, easily and in one place. This complete security solution provides specialist advice, vulnerability scans, staff training, policy templates, and more.
Meanwhile, PaaS, delivered by independent privacy lawyers, data protection officers (DPOs) and cyber security experts, offers a fast, simple route to General Data Protection Regulation (GDPR) compliance. With three packages available, depending on the amount of support required, PaaS allows organisations to pay for only what they need, whether that is general advice or a dedicated DPO to oversee the entire compliance project.
GRCI Group has also adapted several of its offerings to help organisations address the challenges arising from the pandemic, from business continuity to remote working. Its remote penetration tests check the security of an organisation’s network against external threats and cyber attacks, allowing clients to understand how their assets can be exploited and put mitigating measures in place. Meanwhile, the COVID-19 Cyber Risk and Data Privacy Response Service helps organisations build a cyber resilient and privacy-compliant remote working infrastructure with support from expert consultants.
Organisations can also train their employees on how to stay cyber safe when working from home with the Cyber Security for Remote Workers Staff Awareness E-learning Course, which covers the dangers of remote working and how to avoid falling victim to a cyber attack or phishing scam. To strengthen phishing awareness, the Phishing Staff Awareness Training Programme explains how phishing attacks work, the tactics employed by cyber criminals and what an employee should do when they are targeted.
Our ambition is to be the business world’s go-to resource for managing and controlling cyber and privacy risk
More in-depth training is available in a variety of formats, including self-paced online, Live Online and classroom. The Group’s purpose-built training centre in Ely offers a collaborative experience, with flexibility for learners to attend either in person or online – without losing the benefits of classroom learning. “Delivered by a world-class team of data protection and cyber security experts, GRCI Group’s training courses offer a wide range of high-quality and cost-effective training solutions covering data protection – including ISO 27701 and BS 10012 – the GDPR, cyber security, ISO 27001, ITIL®
, the Payment Card Industry Data Security Standard (PCI DSS), business continuity, ISO 22301, ethical hacking, and professional qualifications such as CISA®
, CISMP, CRISC®
,” says Calder.
GRCI Group’s services and products can be broadly categorised as e-commerce, Software as a Service (SaaS) and professional services. The company has eight e-commerce websites globally that offer training courses, books, toolkits and software covering data protection, cyber security, ISO 27001 certification, and related topics. The professional services division was established to provide practical assistance for clients designing and implementing data protection and cyber security policies and procedures. The company also creates and sells software solutions through its subsidiary Vigilant Software Ltd, which forms part of the SaaS division. Vigilant Software’s CyberComply platform is a Cloud-based solution comprising five tools to help organisations manage risks and comply with laws and regulations such as the GDPR. The tools include vsRisk (the leading risk assessment tool for ISO 27001 compliance), Compliance Manager and the Data Flow Mapping Tool.
Another challenge facing organisations is Brexit. On 31 December 2020, the transition period will end and EU rules will no longer apply to the UK. The UK government aimed to get an adequacy decision from the European Commission for EU–UK personal data transfers. However, recent developments – including Schrems II – make this increasingly unlikely, and the UK looks set to be treated like any other third country from January. It is vital organisations are prepared.
GRCI Group is updating its entire range of GDPR products and services to reflect the change; these will all be available before Christmas. Calder says, “This updated Brexit-readiness product range will also include new products and services that are designed to help organisations securely navigate the end of this transition period and successfully comply with the change in requirements that will be in place when the UK officially leaves the EU.” GRCI Group’s clients include Volkswagen, Royal Mail, Next, The House of Commons, Microsoft, P&O Ferries and Domino’s Pizza. Its forward-thinking abilities and adaptability have proven invaluable to clients during a year of uncertainty and increased risk. With its Brexit-readiness offerings soon on the market, GRCI Group’s first-to-market capabilities and unique solutions will continue to cement the Group’s position as world leaders in managing and controlling cyber and privacy risk.