Assured – Governance, Risk and Compliance

Assured Governance Risk and Compliance (A-GRC) is an international professional services consultancy based in the City of London, United Kingdom, and Beijing, China, and operating worldwide. Its beginnings date back to 1997, when co-founder David Lilburn Watson established BCRM, a UK firm of London-based management consultants specialising in cyber security and risk management.

Today, A-GRC specialises in governance, risk and compliance, providing confidence in the most complex business decisions throughout the world.

A-GRC’s team consists of professional consultants, employed either full time or on an associate basis. All are experienced in their chosen fields, with at least fifteen years’ practical experience of delivering quality assignments to clients, and pride themselves on the honesty and integrity with which they provide the highest standard of service.


A-GRC services at a glance

  • Health Checks: ISO 9001, 19770, 20000, 22301, 27001 and more.
  • ISO Standards Gap Analysis and Preparation for Certification
  • Crisis and Communications Management Consultancy
  • Business Continuity and Disaster Recovery Consultancy
  • Cyber Security and Digital Forensics Consultancy
  • Management Systems and Risk Management Consultancy
  • Software Asset Management Consultancy
  • Remediation and Continuous Improvement Consultancy


A number of the A-GRC ISO consultants are also employed as freelance Certification Body auditors, so they are able to see the process from ‘both sides’. This insight allows them to make informed and pragmatic recommendations on management system development for optimal business use.

A-GRC are independent consultants who do not supply any of the security equipment that they may specify for a client.


Case Studies

  • ISO Standards

    Sit on IST/33, the UK (BSI) committee that develops the ISO 27xxx range of standards.

  • P&I Club

    Implement their GDPR processes, updated from the Data Protection Act 1998, and integrate them into their ISO 19600 compliance management system (ongoing).

  • Civil Engineering Firm – Rail Infraco

    Implement Cyber Essentials and elements of the 10 Steps to Cyber Security into their existing integrated management system and gain certification. They passed. (Duration 5 months)

  • Marketing and Advertising agency

    Perform ISO 27001, ISO 22301, ISO 9001 and GDPR consultancy to get them through certification by developing an ISMS with relevant supporting policies and procedures (ongoing; passed stage 1 audit).

  • HNW Bank

    Designed and implemented BS 10008 processes and procedures to enable them to gain a certificate of registration. They passed. (Duration 6 months)

  • Medical Devices Organisation

    Integrating the requirements of HIPAA into their existing ISO 27001- and ISO 13485-certified systems.

  • Financial Clearing House

    Upgraded their ISO 27001:2005 ISMS to ISO 27001:2013 with a scope expansion, and took them through to a certificate of registration. They passed. (Duration 3 months)

  • International Risk Consultancy

    Advice on ISO 27001 scope expansion and a detailed gap assessment for the revised scope across 4 countries. (Duration 6 months)

  • National Broadcasting Organisation

    Advice on governance, risk and compliance for a new consumer broadcasting channel, based on ensuring appropriate data custodianship and governance, using ISO 27001 as the benchmark. Reporting to the Launch Director. (Duration 3 months)

  • Telco

    Led the Telco to ISO 27001 certification for their smart metering rollout of 53 million smart meters in 20 million homes. This included integration of existing disparate systems, including the CAS(T) / PSN backbone and associated infrastructure. Reporting to the CISO. Took them through to an ISO 27001 certificate of registration. They passed. (Duration 18 months)

  • Creative Consultancy

    Provide ongoing advice for their migration from ISO 27001:2005 to ISO 27001:2013 and the integration of ISO 9001 and ISO 20000 into their IMS. Reporting to the IT Director. (Duration 3 months)

  • P&I Club

    Implement a governance and compliance process based on ISO 19600 and FCA guidance, and provide training for its implementation. Reporting to the Managing Director. (Duration 6 months)

  • Lloyds Shipping Broker

    Worked with the Governance and Compliance Director to create an integrated management system for governance, risk and compliance covering the FCA / PRA Handbooks, ISO 9001, ISO 27001, ISO 19600 and BS 10500. Provided training for implementation. (Duration 3 months)

  • Cyber Security Consultancy

    Management systems implementation and auditing (ISO 27001, 9001, 20000, 22301, 17025, 17021) for multiple clients in financial services, telcos, UK government and general commerce. Worldwide lead for ISO management systems. (Duration 12 months)

  • Cloud and Outsource Service Consultancy

    Perform ISO 27001 consultancy to get them through certification by developing an IMS with relevant supporting policies and procedures. Performed the internal audit function, conducting first- and second-party audits and gap analyses of their key suppliers. They passed. (Duration 6 months)

  • Creative Consultancy

    Perform ISO 27001 consultancy to get them through certification by developing an IMS with relevant supporting policies and procedures. Performed the internal audit function, conducting first- and second-party audits and gap analyses. Acted as interim Information Security Officer. They passed. (Duration 12 months)

  • Telco

    Gap analysis of two major telcos merging, to identify gaps and recommend remediation for the new joint venture. Work based on Sarbanes-Oxley (SOX), ISO 27001 and PCI DSS compliance. (Duration 6 months)

  • Identity Management Start-up

    Develop policies and procedures for a fully integrated peer-to-peer legal interoperability platform. Case studies included health, XBRL, law firms, smart metering, government / citizen services and SEPA. (Duration 18 months)

  • National Monetary Agency

    Perform ISO 9001 consultancy and develop quality management continuous improvement processes to get them through certification, implementing a quality management framework to continuously improve the business. This integrates with the ISMS developed in 2007 and their PCI DSS processes, and forms part of their IMS. They passed. (Duration 12 months)

  • Defence Contractor

    Write a security plan for a multi-billion GBP security contract for a UK government department, covering ISO 27001, ISO 9001, JSP 440, the HMG InfoSec Standards (ISx, Memos and GPGs) and integrated management systems. (Duration 1 month)

  • Data Analytics Company

    Perform ISO 27001 consultancy to get them through certification. They passed. (Duration 9 months)

  • Lloyd’s Broker

    Development and testing of a business continuity plan to meet the requirements of BS 25999 and their own business requirements. (Duration 12 months)

  • Management consultancy

    Development and implementation of a corporate governance, risk and compliance (GRC) framework. This covered ISO 9001, ISO 20000, BS 25999, ISO 27001, various legislation and best practice, leading to certification. (Duration 18 months)

  • Global Research Company

    Implement ISO 27001, BS 25999, ISO 9001 and TickIT to gain certification for a company based in Sweden, together with an information risk management framework. They passed. (Duration 30 months)

  • National Monetary Agency

    Perform ISO 27001 and PCI DSS consultancy and develop a security architecture framework to get them through certification, with implementation of an information risk management framework. They passed. (Duration 12 months)

  • International Consultancy

    Policy, procedure and consultancy advice for digital identity management. (Duration 6 months)

  • Consultancy

    Creation of a data protection process and an audit against the Data Protection Act 1998. (Duration 6 months)

  • University Computer Centre

    Perform an ISO 20000 and ISO 27001 (service delivery and security) rollout for certification, and develop a BCP to support the certification. They passed. (Duration 12 months)

  • Armed Forces (Army and Navy) UK

    Training in information security for IRCA-certificated auditor courses. The course was witnessed and passed by IRCA, and so certified. (Duration 1 week)

  • List X Company

    Audit existing ADS, SSPs and SyOPs (accreditation document set, system security policies and security operating procedures), rewrite and align them with BS 7799, and ensure compliance with IS1/2, GPGs and other relevant CESG guidance. Redo the BCP and other procedures, submit for BS 7799 certification and upgrade to ISO 27001. They passed. (Duration 6 months)

  • Investment Bank

    Compliance audit covering Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), PCI DSS and BS 7799, with recommendations for closing the gaps identified. (Duration 3 months)

  • Cheque Printer

    Perform ISO 27001 consultancy to get them through certification, along with APACS 55 certification. They passed.

  • Rail Infraco

    Develop a set of business continuity plans for the Infraco. These covered loss of facilities rather than the traditional ‘railway crash’ scenarios.

  • Major City Law Firm

    Review current client-facing Internet applications from a security standpoint and make recommendations for improvement. This included technical testing as well as management reviews.

  • Major City Law Firm

    Evaluate requirements for DRP and BCP for the London (main) office. Plan and implement both plans, and create templates for rollout to the remaining 22 offices.

  • UK Government Department

    Created their security management plan for the whole department, based on ISO 27001, the HMG Security Policy Framework (SPF) and supporting standards.