If this is you …
We have found that clients of all sizes struggle to balance cyber-risk investment, organizational change friction and ability to demonstrate results.
After many years of helping clients with a wide range of governance, risk and compliance matters, we see very few clients doing well. Often, they:
- know they have a cyber-risk problem, but can’t necessarily define its nature or size
- believe that formal GRC frameworks like ISO 27001 are too “heavy” for their organization to adopt
- have made a variety of technology investments in infosec, but these are disconnected from wider organizational context (e.g. people and process)
- cannot easily demonstrate that their investments have translated to meaningful reductions in business risk
All of this means they remain exposed, and searching for a practical path forward.
Then we can help
Our hybrid solution delivers the benefits of integration and automation and empowers business-driven prioritisation, on a flexible platform that supports ISO 27001 and other GRC frameworks.
To be valuable and viable we believe that a contemporary GRC solution needs to:
- enable the business to identify and prioritise risk reductions in an order that makes sense
- reduce the amount of time and effort required to progress toward a GRC objective by use of integration and automation rather than human effort
- emphasise continuous monitoring rather than periodic compliance audits
- provide flexible options as to how and when a business progresses toward framework-based certification and audit activity
We call it ISO 27001 Track Support. And we’ve chosen to deliver it with Drata, the market leader in risk and compliance automation.
So, what’s included?
Our offering brings together the elements you need to deliver business-cyber risk reduction.
Every customer starts in a different place – they have a history of making decisions and investments across different elements for different reasons.
We start the ISO 27001 Track process with a Baseline Assessment which helps us to understand what is in place and what is not. This also captures a business view of what is important in terms of measurable improvement priorities.
The Improvement Plan then assists a customer to resource, schedule and progress improvements towards a specific set of goals.
Not all customers will pursue or achieve Audit and Certification. The Improvement Plan allows a customer to determine if and when this is a sensible objective, and the platform and process we use extend naturally into that stage if it is warranted.
gwi.digital’s solution is built on Drata’s GRC automation platform and the ISO 27001:2022 standard, combined with a flexible services bundle.
Together, these deliver the changes you need to measurably reduce your business-cyber risk, and to demonstrate that reduction both inside and outside your organization.
Our offering includes:
- full Drata product licensing (MSSP tenancy, setup, ISO 27001 framework, framework/policy/template library, continuous compliance automation via SaaS integration, employee engagement and education, risk management)
- trained, qualified and local AU-NZ support for Drata, with the backing of APAC and global vendor support teams
- Drata platform initial setup and configuration, working with your business and technology stakeholders to collate and integrate the necessary documentation and data
- an ISO 27001 Baseline Assessment including controls status, maturity level, risk assessment and register
- an ISO 27001 Track Improvement Plan which lays out the logic for business-risk driven prioritisation and progression
- ad hoc support and advice
- monthly reviews to document and ensure progression
- a Quarterly Executive Summary suitable for a governance function (e.g. ELT)
- the option to proceed to audit, with a recommended audit partner who understands the Drata platform too
Meaningfully reduce your business-cyber risk. Contact us for more.