GRC Consulting

Governance, Risk & Compliance (GRC) summarizes the three most important levels of actions of a company for its successful management:

Governance refers to structured corporate management based on defined guidelines. This includes corporate goals and the provision of the necessary resources to achieve the goals.
Risk describes risk management. Here, known and unknown risks are identified and assessed using defined risk analyzes. This includes measures for handling identified risks.

Compliance is the adherence to internal and external guidelines, among others for the secure provision and processing of data. This is where topics such as access control, encryption and business continuity management come into play.

Goals and processes aligned

Identify and manage risks       Comply with regulation

Our consulting services focus on the last two points, i.e. structured risk management and compliance with compliance requirements in the IT environment (PCI-DSS, ISO27001, GDPR / ISO27701).

In these areas, our consultants can draw on the full potential and bring their experience to your special environment. Ergonomics’ almost 30 years of experience also supports the planning, implementation and introduction of complex, customer-specific IT projects in a wide variety of customer environments.