If this is you …
We have found that clients of all sizes struggle to balance cyber-risk investment, organizational change friction and ability to demonstrate results.
After many years of helping clients with a wide range of governance, risk and compliance matters, we see very few clients doing well. Often, they:
- know they have a cyber-risk problem, but can’t necessarily define its nature or size
- believe that formal GRC frameworks like ISO27001 are too “heavy” for their organization to adopt
- have made a variety of technology investments in infosec, but these are disconnected from wider organizational context (e.g. people and process)
- cannot easily demonstrate that their investments have translated to meaningful reductions in business risk
All of this means they remain exposed, and searching for a practical path forward.
Then we can help
Our hybrid solution delivers the benefits of integration and automation, empowers business driven prioritization, on a flexible platform that supports ISO 27001 and other GRC frameworks.
To be valuable and viable we believe that a contemporary GRC solution needs to:
- enable the business to identify and prioritise risk reductions in an order that makes sense
- reduce the amount of time and effort required to progress toward a GRC objective by use of integration and automation rather than human effort
- emphasise continuous monitoring rather than periodic compliance audits
- provide flexible options as to how and when a business progresses toward framework-based certification and audit activity
We call it ISO 27001 Track Support. And we’ve chosen to deliver it with Drata, the market leader in risk and compliance automation.
So, what’s included?
Our offering brings together the elements you need to deliver business-cyber risk reduction.
Every customer starts in a different place – they have a history of making decisions and investments across different elements for different reasons.
We start the ISO 27001 Track process with a Baseline Assessment which helps us to understand what is in place and what is not. This also captures a business view of what is important in terms of measurable improvement priorities.
The Improvement Plan then assists a customer to resource, schedule and progress improvements towards a specific set of goals.
Not all customers will pursue or achieve Audit and Certification. The Improvement Plan allows a customer to determine if and when this is a sensible objective, and the platform and process we use naturally extends into that stage if it is warranted
gwi.digital’s solution is based on Drata’s GRC automation platform, the ISO 27001:2022 standard, and combined with a flexible services bundle.
Together, these deliver you the changes you need to measurably reduce your business-cyber risk, and demonstrate that both inside and out.
Our offering includes:
- full Drata product licensing (MSSP tenancy, setup, ISO27001 framework, framework/policy/template library, continuous compliance automation via SaaS integration, employee engagement and education, risk management)
- trained, qualified and local AU-NZ support for Drata, with the backing of APAC and global vendor support teams
- Drata platform initial setup and configuration, working with your business and technology stakeholders to collate and integrate the necessary documentation and data
- an ISO27001 Baseline Assessment including controls status, maturity level, risk assessment and register
- an ISO27001 Track Improvement Plan which lays out the logic for business-risk driven prioritization and progression
- ad hoc support and advice
- monthly reviews to document and ensure progression
- a Quarterly Executive Summary suitable for a governance function (eg ELT)
- the option to proceed to audit, with a recommended audit partner who understands the Drata platform too
Meaningfully reduce your business-cyber risk. Contact us for more.