Governance, Risk & Compliance

GRC Challenges & Benefits

Every company has a different culture, requirements and expectations for the way in which their people, process and technology inter-operate to create business value. New initiatives, mergers and acquisitions create new compliance requirements and alter risk profiles for companies. Regulatory compliance requirements driven by SOX, HIPAA, GLBA and others are increasing the complexity and cost of managing a business.

GRC provides the centralized management framework for company policies, risk treatment and measurement of compliance to industry, regulatory and commercial requirements. Visibility into the drivers that effect changes in company requirements can provide strategic direction for executive management, increases in competitive edge, reduction in operational costs and improved viability in challenging economic times.

Industry Leading Expertise, Experience and Partners Key to Successful GRC Solution

The OpenSky GRC practice encompasses what is currently represented in the market as eGRC and ITGRC. We help IT organizations reduce operational costs by automating manual processes, aligning those activities to strategic company objectives and delivering a solution to IT that saves time and money and demonstrates value to Executive Management.

OpenSky is partnered with RSA/Archer, the industry-leading GRC software provider, and employs a highly qualified team of GRC Professionals with Financial, Insurance, Healthcare, and Pharmaceutical Industry experience. Expert consultants maintain Information Security Certifications including CISSP, CISM, CISA, CGEIT, and CRISC, as well as Archer Certified Professional (ACP) qualifications.

Contact Us

Call us on  01372 371050 or email us at to discuss your requirements.


GRC Maturity Assessments

This valuable assessment, coupled with OpenSky's extensive GRC experience and capability, will help identify areas for improvement in your GRC program and provide tactical solutions to help you derive increased benefits from your GRC efforts.

Strategy & Architecture Assessment

The project provides the client with an understanding of their current Governance, Risk and Compliance (GRC) program (high-level processes and controls), determines their current and future state targets, and identifies the need for, and high-level focus of, bringing in a GRC technology platform. The purpose of this project is to document the client’s Executive goals for its GRC program, identify efficiencies to be gained in its current processes, and identify solution capabilities for automating parts of the client’s GRC program.

GRC Healthcheck

The GRC Health Check Service is a limited review of an existing GRC program and technology platform. The following activities are included:

  • Conduct an executive workshop to understand the current situation with the existing GRC program and technology platform.
  • Complete a select number of interviews with client designated stakeholders to gather additional perspectives and requirements for a reporting strategy.
  • Create a Situation Overview document that presents the current situation per the executive interview, reporting requirements and associated information model, observations and recommendations at a high level.
  • Provide a Management Presentation summarizing the Situation Overview and identifying project initiatives for optimizing the GRC program and technology platform.

RSA Archer Training

Companies are challenged to translate high-level GRC requirements and strategies into real-world controls and processes. Focus, scope, and prioritization are complicated by the variety of technical options and array of business stakeholders involved in a corporate-wide GRC initiative.

Effective deployment of Archer is complicated by inadequately maintained policies and procedures which affect risk and compliance. In addition, these policies and procedures span multiple disparate stakeholders including Legal, Finance, HR, IT, Security, and Facilities, increasing the complexity of accurate process mapping and oversight. Imprecise employment of tools, such as Archer, and the inability to successfully interrelate risk information across the enterprise result in faulty output for GRC decision making.
