Risk and Compliance Services

Facilitation, advice and consultancy on governance, risk and compliance management systems, including implementation of and compliance with several international standards and guidelines such as:

Principal Service Areas

  • ISO 27001 Information Security Management
  • COSO/SOC2 and COBIT5 – Sarbanes-Oxley Framework Implementations
  • ISO 22301 Business Resilience & Continuity Management
  • ISO 37001 Anti Bribery Management
  • NIST Security Control Compliance and ITIL Best Practices
  • ISO 19600 Compliance Management
  • ISO 31000 Enterprise Risk Management
  • AS 9100 Aviation, Space and Defense Management
  • Legal and Regulatory Requirements Framework
  • Sustainability & ESG Monitoring, Management & Reporting Services

ISO 9001, ISO 45001 and ISO 14001 Integrated Management Systems

An Integrated Management System (IMS) integrates all of an organization’s systems and processes into one complete framework, enabling an organization to work as a single unit with unified objectives.

An IMS, known in some circles as a QSHE Management System, incorporates the disciplines of Quality, Environment and Occupational Health and Safety.

As we have extensive experience in these disciplines and their application, we have hundreds of examples of policies, procedures, records, job descriptions, appointments etc. that we make available for use.

We follow a facilitated implementation process that incorporates the following steps:

  • Perform a gap analysis to identify existing policies and procedures and assess them against the combined ISO 9001, 45001 and 14001 Management Systems requirements as well as applicable laws and regulations
  • Determine the scope of the IMS, identify the relevant stakeholders and review their inputs
  • Establish appropriate QSHE policies and procedures within a formal documented management system
  • Assign a management representative to oversee the implementation of the standard
  • Identify and evaluate QSHE risks
  • Communicate internally and externally the QSHE program to all interested parties
  • Determine the duties and responsibilities of all staff that perform QSHE activities
  • Ensure competent human resources by adequate training and awareness of personnel
  • Perform due diligence and implement appropriate QSHE control measures to prevent the risk of non-conformances and incidents
  • Ensure that suppliers and contractors have implemented appropriate QSHE controls
  • Monitor activities and outcomes to ensure that the organization does not engage in corrupt practices
  • Implement QSHE policies, procedures and other reporting tools
  • Perform investigations and determine appropriate corrective actions related to any non-conformances or incidents
  • Verify by internal audits that the organization complies with the provisions of the IMS
  • Perform reviews of the IMS to determine its effectiveness and establish decisions and actions to improve the processes and their results
  • Determine the organization’s readiness for initial certification if required

The facilitated implementation process also applies to implementations that are not part of an IMS strategy, where just ISO 9001, ISO 45001 or ISO 14001 is required. Our process ensures that, whichever option is required, the management system is designed in such a way that it is relatively straightforward to extend its scope to incorporate other disciplines.

Other Service Areas

  • ISO 22000 Product Safety and Quality Management
  • ISO 26000 Social Responsibility Management

GRC Advisory

  • Business Strategy Development – Assisting clients with the development of sustainable business strategies, goals and objectives for the benefit of both internal and external stakeholders.
  • Business Process Gap Analysis – Visualizing the client’s business by mapping the processes in place by taking into account the roles, responsibilities, standards and guidelines.
  • Business Process Modelling – To further develop the gap analysis results, business process improvements are discussed and the suggested enhancements are tested through to implementation.
  • Business Impact Analysis – Conducting Business Impact Analyses of processes, products, services and activities, and developing recovery strategies.
  • Threat and Risk Assessments (TRA) – Conducting TRAs and recommending requirements for the development of Business Continuity and Disaster Recovery Plans.
  • Organizational Change Management – Assisting clients with business process changes impacting resources and budget allocations needed to reshape a company or organisation.

Training and Awareness

We provide in-house training at companies as well as online training and courses.

Training is provided on the following topics:

Planning for potential business disruptions

  • Business Impact Analysis (BIA)
  • Threat and Risk Assessments (TRA)
  • Practical examples of BIA and TRA methodologies

Managing the response and recovery of business disruptions

  • Background and history of business continuity plans
  • What is ISO 22301?
  • What is a business continuity plan?
  • Key features of an effective business continuity plan
  • Practical Examples of a Business Continuity plan and a Disaster Recovery Plan

Fundamentals of Information Security Management

  • What is Information Security Management, and why is it needed?
  • General Overview of Information Security
  • What is ISO 27001?
  • Asset Based Risk Assessments
  • Key Aspects of Information Security

Management Systems Services

  • Assisting with the transition from a manual to a user-based, automated technology solution.
  • Delivery of immediate, purpose-fit solutions as opposed to long-term, high-cost implementations.
  • The combination of consultancy and advisory assistance with the implementation of process-based management systems aligned to best-of-breed technology solutions.
  • The provision of technology solutions that are scalable, reliable and cost-effective, with built-in intuitive and predictive information analytics.

ESG Monitoring, Management and Reporting Services

Getting an ESG management system in place takes time, as it often requires changing the company's culture and method of operation.

Our experience suggests that good ESG performance is achieved when ESG is treated as a strategic business risk and is high on the agenda at company board meetings, thus providing protection to investors and shareholders and benefits to broader stakeholders.

Through our consulting and advisory service we assist in:

  • Establishing formal governance mechanisms for ESG
  • Providing ongoing management and ESG monitoring support
  • Ensuring that ESG factors are being managed as agreed
  • Where requested, holding regular meetings with the company’s board or management to ensure the ESG action plan is being implemented effectively
  • The provision of ESG reporting services that provide an ongoing summary of the company’s ESG performance, including progress against the ESG action plan and KPIs
  • Where requested, carrying out periodic reviews of the company’s ESG management system, performance and action plan

Further to the above services, we are also able to provide an integrated ESG technology platform that merges all environmental sustainability systems and processes into one common, cohesive framework that drives environmental strategies, initiatives and action plans, thus ensuring ongoing improvement in the reduction of adverse impacts on the environment. Data such as energy consumption, water consumption, waste production, GHG emissions, SHE incidents and more are merged into a single database where they can be measured, trended and reported on, enabling management to make informed decisions on their ESG performance, KPIs and compliance.