Governance, Risk & Compliance

Helping you implement best practice systems, processes and controls

Great doesn’t have to mean complicated

Viden prides itself on being able to communicate effectively from the server room to the board room. Whether it’s developing a security governance strategy or assisting with an independent audit, Viden takes care to make the complex, clear.

Our GRC Capabilities 

Our expert team of GRC specialists are intimately familiar with the selection, design, implementation, or audit of a broad range of cyber security or privacy frameworks, including the ISM, ASD Essential Eight, ISO27001, NIST, CMMC, SOC2, the APP and CPS234.

United States Government – Executive Order 15404 has mandated the use of Software Bill of Materials (SBOM) for all products used in the US Government.

All systems that store, process or communicate Australian Government information must be authorised against the Information Security Manual. An IRAP assessment allows you to demonstrate your commitment to security and be more competitive in Australian Government bids.

Under the Privacy Act 1988, organisations that collect and use personal information must comply with the Australian Privacy Principles. Additional requirements such as the European Union General Data Protection Regulations may also apply for international customers. Viden can provide advice and assistance in complying with your privacy obligations.

A Privacy Impact Assessment identifies the impact on the privacy of individuals and allows an organisation to manage, minimise or eliminate that impact in accordance with the Australian Privacy Principles.

The Security of Critical Infrastructure Act (or SOCI Act) sets obligations that are required for the following sectors: Communications, Financial services and markets, Data storage and processing, Defence, Higher education and research, Energy, Food and grocery, Healthcare and medical, Space technology, Transport, Water and sewerage.
The three positive security obligations required for these sectors are: provide operational and ownership information to the Register of Critical Infrastructure Assets; report cyber incidents which impact the delivery of essential services to the Australian Cyber Security Centre; and adopt, maintain and comply with a written risk management program.
Viden’s experience with national security entities can help you demonstrate and excel in meeting these obligations.

Ready to get started?

It’s not a case of if, but when

Modern cyber threats are pervasive and persistent. Let us help you design and build a GRC system that is the Right Fit For Risk (RFFR).
