Governance, Risk and Compliance Services for SMEs in Dublin • Spector

Governance, Risk and Compliance

With the advent of GDPR in May 2018, compliance is no longer optional for any organisation. Rather than view Governance, Risk and Compliance (GRC) as an unwanted distraction, use it to leverage competitive advantage.

Maintaining compliance standards requires an in-depth understanding of security policies, frameworks and systems in order to manage the compliance process.

Our compliance team are experienced in managing and progress-reporting on the delivery of different security and compliance frameworks, such as GDPR, Cyber Essentials, Central Bank of Ireland Regulations, NIST and ISO27001. We guide our clients through different levels of compliance maturity, depending on their individual requirements.

• We start with a Gap Analysis to understand your drivers for achieving a higher level of risk maturity. It produces a simple-to-navigate board-level report of key risks, with recommendations and next steps.

• We guide you through the right security framework to help you achieve your goals and certification paths. The objective is broken down into practical steps, which are performed under our guidance.


• We provide a compliance platform that provides a structured risk-based approach to compliance management.

• This allows for complete collaboration, activity-based management and evidence gathering as we progress through the compliance lifecycle.

• Best of all, this is structured and automated, saving more time than you can imagine.

• We offer professional advice on external cyber security and compliance audits.

• Our recurring compliance services assist with evidence gathering and policy reviews throughout the year, ensuring that standards compliance is maintained.

• We offer remediation services to address shortfalls in both policies and security controls, reporting on positive outcomes.

The Challenge of Managing Technology Risk and Governance

For Financial Services and Companies regulated by the Central Bank of Ireland

Join our list to benefit from our 6-part series addressing IT Risk and Governance. The series is built on our ISO 27001 Lead Audit capabilities as well as extensive IT security audit experience over the past 12 years.

The series takes the form of short videos, key documents and how-to guides. Subscribe and receive everything in your inbox.


The General Data Protection Regulation (GDPR) significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations. It came into effect on May 25th 2018.

As a business organisation, you are now required to be fully transparent about how you use and safeguard personal data, and to be able to demonstrate accountability for your data processing activities. The right set of policies and procedures, together with staff awareness and training, will ensure you can demonstrate that you are managing personal data effectively.

To learn more about what GDPR is, or how it will affect SMEs in Ireland, click on these links and read our articles.

Cyber Essentials is a globally recognised baseline standard for IT security. It is managed by Certification Europe. Think of it as a health check covering core areas of IT and IT security controls. The Cyber Essentials scheme is used to ‘give assurance’ to both clients and providers that you apply basic levels of IT-related security.

Having a Cyber Essentials certification can help you secure contracts, reduces your risk of data breaches and other attacks, helps to address other compliance requirements (such as GDPR), and generally makes good business sense.

If you would like to know more about the benefits of Cyber Essentials, click here and read our article about it.

The NIST Cybersecurity Framework is a world-recognised framework, based on existing standards, guidelines and practices, that helps organisations better manage and reduce cybersecurity risk. In addition to helping organisations manage and reduce risk, it was designed to foster risk and cybersecurity management communication among both internal and external organisational stakeholders.

The Framework helps an organisation to better understand, manage and reduce its cybersecurity risks. It assists in determining which activities are most important to assure critical operations and service delivery.

By providing a common language for cybersecurity risk management, it is especially helpful for communicating both inside and outside the organisation. If you want to learn more, check the NIST website for more information.

Our Cyber Security and Compliance Foundations project has been specifically designed to prepare Spector for compliance standards such as Cyber Essentials, GDPR, ISO and HIPAA, to name but a few. We have designed this solution over several years of working with companies in industries such as financial services, healthcare and insurance, and have successfully completed multiple projects right through to audit completion.

Our standard framework includes:

  • The supply and tailoring of Security Policies – numbering between 17 and 23 policies.
  • Secure build – technology meeting policy standards and Cyber Security protection.
  • Evidence Gathering – gathering of policy compliance and cyber security controls.
  • Maintaining standards – the ongoing tasks, policy updates and reviews that need to be performed in order to maintain compliance.
  • A single repository for all data – we retain all policies, reports, reviews and security-based information in a secure, fully audited file share.
  • Auditing – assistance with audit preparation and management of non-conformities for those companies that are audited either internally, externally or both.

A lot of our current customers came to us with that mindset. There are many levels of GRC, and the secret is to handle one at a time. The path begins with small steps, all within reach of your organisation, and as you progress the subsequent actions begin to make more sense.

With our practical frameworks and guidance, any level of compliance is within reach. We will be able to tell exactly where you are and what you need to do to move forward.

Projects differ in complexity but are often delivered within a 4-6 week time window.

Projects generally have two parts. The first covers the setup of your Cyber Security and Compliance framework – this gets you positioned for compliance, but your responsibilities don’t end there. To remain compliant, you’ll require a calendar of reviews and events to make sure that you have the evidence to support your compliance requirements. This is an ongoing service we offer, and one that evolves with changes to compliance standards.
