Gábor Bartha
11/19/2024

Introducing our GRC team: IT and OT security, you can count on us

Our GRC team provides IT/OT security, risk management, and compliance support to businesses, including consulting, platform implementation, and tailored solutions.

Our Governance, Risk and Compliance (GRC) team supports the cyber security of our customers with general IT/OT information security consulting and with the implementation and continuous maintenance of GRC platforms. This enables customers to comply with the relevant laws and standards, develop regulated processes and eliminate the shortcomings that surface when conducting information security surveys.

Governance

  • Development and review of regulations and standards: A company policy is a document that defines the rules that all employees of the company must follow. Our experts have extensive knowledge of industry regulations and legislation and can create documents that support the company's message and give employees the information they need to comply with company standards and procedures.
  • Supporting business areas: We support our customers in introducing the necessary processes and changes, in developing new activities and controls and in producing the necessary documents, taking into account the legal environment, industry regulations and the customer's needs, based on our best experience and knowledge.
  • Support to information and IT security managers: An information security officer (ISO) has extremely varied responsibilities and may encounter many serious problems and complex tasks, which take a lot of time and energy to mitigate. These responsibilities have become particularly important in relation to compliance with the NIS2 directive. Within the framework of ISO support, we contribute to the regular or occasional tasks belonging to the GRC area and thereby relieve the company's information security officer.

Risk Management

  • Information and IT security risk assessment: We carry out information security risk assessment for the entire scope of the company or for its pre-defined systems, processes, facilities and other assets. We support the organization in prioritizing the identified risks as well as in planning and implementing their management. In addition to one-off risk assessments, we also support the company in developing risk management frameworks so that the results are managed in a sustainable and regulated manner.
  • OT (Operational Technology): Effective security developments start with the identification and prioritization of risks. We have combined our methodology, which is based on international standards and our expert experience, with the recommendations of NIST SP 800-82 and OT security best practices.
  • Business continuity: We assess the company's responses to crisis situations, their effectiveness and their prerequisites. The business continuity survey covers the business impact analysis, the determination of critical processes and resources, and the assessment of the prerequisites that ensure the continuity and restoration of IT services. Based on the identified results and the insight gained into the company's operations, we design the business continuity framework and plans that ensure the continuity and restoration of critical processes, as well as the disaster recovery plans.

Compliance

  • Regulatory Compliance: We plan the company's preparation for compliance with the relevant laws and standards based on the results of the preliminary survey, i.e. the company's preparedness, its needs and the relevant requirements. Throughout the preparation period we support the introduction of the necessary processes and changes, the development of new activities and controls and the production of the necessary documents.
  • Most frequently used industry frameworks and rules: ITIL, ISO 22301, ISO 27001, ISO 31000, NIST CSF, NIST SP 800-53, NIST SP 800-82, GDPR, PCI DSS, DORA, TISAX
  • Information Security Management System: Based on our extensive knowledge acquired in the field related to the ISO 27001:2022 international standard and several years of practical experience, we prepare the company for compliance with the requirements of the standard, for the integration of new operations according to the framework into company processes and for the successful certification audit. Thanks to this, the company can maximize its chances of obtaining the certificate.
  • NIS2 GAP analysis and preparation: Compliance with the NIS2 directive is a new challenge for service providers and organizations operating in risky sectors.
  • Information and IT security assessments: Within the framework of this service, we first assess the requirements found in the legislation, contracts and standards relevant to the company, or the practices generally accepted and deemed appropriate in the industry, and then the company's initial level of information security preparedness. After objectively checking the defined requirements, we provide a comprehensive picture of the company's level of preparedness and formulate basic proposals for remedying the identified deficiencies.

Systems and Devices

Our services include the implementation of a GRC platform for our customers. In addition, we support the implementation and customization of use cases across the information security and corporate risk management areas of the system, as well as the development of workflows and custom applications within the platform.

  • Archer IRM: A system developed for large companies
  • Eramba: Available for SMEs
  • OT Security: OT security protection solutions (e.g. TXOne)
  • Fusion SOC Solution

Customer Support and Collaboration

Close cooperation with customers

  • Continuous consultation and development: Year-round cooperation with clients, continuous development of their needs and maturity.
  • Serving individual needs: Flexible application of Archer and other systems based on specific customer needs.

Our development methodology

The EURO ONE GRC team follows a five-stage implementation approach: Analysis (1), Design (2), Construction (3), Testing and Commissioning (4), Go-live (5).
Below is a high-level overview of the Archer service delivery methodology by phase.

  • In the Analysis phase EURO ONE's team of experts assesses and understands the customer's business needs. In this consultation phase the solution options, the relevant processes and their connections are determined at a high level, and the roles are also discussed.
  • In the Design phase we plan the customer's solution. The result of this phase is a detailed business specification, role group assignments (access management) and the definition of the workflow processes.
  • In the Construction phase the expert team creates and configures the application that realizes the outlined solution. This includes commissioning the Archer platform and implementing the specific Archer solutions and use cases. Functional testing is performed before the solution is handed over for end-user testing.
  • In the Test phase the customer checks, with the support of the EURO ONE expert team, whether the solution meets the originally defined business goals and whether all expectations have been met. At this point, minor reconfigurations and solution changes may take place.
  • In the Commissioning phase the solution is deployed to the live environment. The expert team prepares the user documentation in cooperation with the client to support the operational solution processes.

Our GRC team is committed to supporting our clients in cyber security, risk management and regulatory compliance. Through our extensive industry experience and innovative approach, we offer customized solutions that not only ensure compliance with the legal requirements but also help achieve business goals.
