Our Projects
Explore ITGRC Advisory Ltd.’s diverse portfolio of projects, showcasing expertise in IT governance, risk management, and compliance. From aerospace safety enhancements and energy sector consulting to SOC 2 compliance implementations and cybersecurity audits, our projects span multiple industries. We specialize in creating tailored solutions for business continuity, integrated GRC systems, and regulatory compliance, ensuring robust security and operational excellence for global clients.
Aerospace and Aviation Expertise
Enhancing Safety and Security in Aviation
This project involved creating detailed and formalized descriptions of ground handling procedures and conducting a thorough risk analysis for a newly introduced aircraft model. The work included managing highly confidential flight documents and integrating IT infrastructure across multiple independent systems within the aircraft's internal server room. The results, approved by the aircraft manufacturer, positioned this initiative as a benchmark in aviation processes for Central and Eastern Europe. It marked a significant achievement, showcasing a systematic and methodical approach that elevated the region’s aviation standards.
Integrated Risk Management System for a National Social Insurance Institution
Award-Winning Risk Management Solution
An extensive risk management system was designed for a national social insurance institution, covering 65,000 employees and their workplaces. The system included the creation of methodologies, organizational frameworks, and detailed documentation, adhering to international risk management standards. The project was developed in collaboration with representatives from multiple European countries and received first-place recognition in risk management excellence among social security institutions across 19 European nations. This award highlighted the institution’s leadership in operational risk mitigation and governance.
Operational Risk Management System for a Leading Bank
Transforming Risk and Compliance Processes
A comprehensive operational risk management system was developed for a leading financial institution. Over 18 months, the project optimized internal audit structures, streamlined compliance frameworks, and introduced a cutting-edge GRC-class IT tool to enhance risk assessment and control processes. This initiative resulted in more efficient workflows and a strengthened compliance posture, enabling the bank to meet regulatory expectations and manage operational risks effectively.
Risk Management and Compliance System for a Financial Institution
Strengthening Banking Risk Frameworks
A risk management and compliance system was designed for a financial institution within the automotive sector. The project involved methodological improvements to internal audit procedures, compliance systems, and risk frameworks. These enhancements ensured the institution met supervisory requirements, significantly improving its operational efficiency and regulatory compliance.
Integrated Risk Management System for a Public Sector Ministry
Preparing for GDPR Compliance and Public Finance Oversight
This project entailed the development of an integrated risk management system for a public finance sector ministry. The system included comprehensive risk policies, methodologies, and training programs designed to prepare the ministry for GDPR compliance. By integrating the risk management framework with information security protocols, the initiative strengthened regulatory adherence and established a culture of proactive governance.
Operational Risk Management System for a Manufacturing Company
Streamlining Risk and Audit in Production
A robust operational risk management system was developed for a major manufacturing company specializing in furniture production. The project involved optimizing compliance processes, enhancing internal audit capabilities, and creating a tailored risk mitigation framework. These improvements enabled the company to maintain high standards of efficiency while managing operational risks effectively.
Business Continuity Management for an Energy Exchange
Ensuring Stability in Energy Trading
A Business Continuity Management System (BCMS) was implemented for a national energy exchange, supporting the uninterrupted operation of energy trading platforms. The project included business impact assessments (BIA), risk analysis, and defining recovery objectives such as RTO and RPO parameters. Internal audit processes were also optimized to enhance resilience and support risk mitigation strategies.
GRC System Implementation for Air Navigation Services
Integrating Global Standards in Risk Management
A Governance, Risk, and Compliance (GRC) system was developed for an air navigation agency. This initiative integrated multiple international standards, including COSO, ISO 31000, and ISO 9001, into the agency's risk and compliance processes. The project prepared the organization for digital transformation, enabling it to manage risks efficiently in a highly regulated environment.
Information Security and Privacy System for a Marketing Platform Provider
Ensuring Global Security and Privacy Compliance
A comprehensive information security and privacy system was developed for a global marketing platform provider. The system ensured compliance with international privacy regulations, safeguarding sensitive data and enabling the company to meet the requirements of enterprise clients across multiple markets. This initiative emphasized proactive risk management and continuous monitoring.
Business Line Failure Analysis for an Energy Company
Driving Organizational Improvements Through Root Cause Analysis
A detailed failure analysis was conducted for a specific business line within an energy company. Using advanced methodologies such as the Swiss Cheese Model and Fault Tree Analysis, the project identified key root causes of failures and provided actionable recommendations to prevent recurrence. This approach fostered organizational learning and improved resilience in future projects.
Integrated GRC System for a Food Processing Company
Enhancing Process Maturity and Compliance Readiness
A Governance, Risk, and Compliance (GRC) system was designed for a leading food processing company. The project involved assessing process maturity, auditing high-risk areas, and delivering recommendations for improvement. By digitizing risk and compliance processes, the initiative ensured operational efficiency and readiness for evolving regulations.
ISO 27001, SOC 1 and SOC 2 Implementation for a Gaming Company
Establishing Robust Security and Compliance Frameworks
A comprehensive SOC 1 and SOC 2 implementation project was conducted for a global gaming company. The initiative included readiness assessments, ISO 27001 integration, and the establishment of Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. The project enhanced the company’s global compliance capabilities and stakeholder confidence.
Security and Privacy System Implementation for an AI SaaS Platform
Aligning Privacy and Security with AI Solutions
A SOC 2 framework was implemented for an AI-powered SaaS platform, ensuring compliance with GDPR, HIPAA, and other international privacy regulations. This project emphasized security and availability, helping the platform meet the stringent requirements of the healthcare and wellness industries.
SOC 2 Attestation for a Financial Services Group
Building Trust and Security in Financial Technology
SOC 2 frameworks were developed and attested for a financial services group, integrating security, availability, and privacy standards. The project ensured robust compliance in bridging Web3 technologies with traditional financial systems, enhancing the group’s operational resilience and customer trust.
SOC 2 Attestation for a Data Center Provider
Ensuring High Standards in Security and Availability
A comprehensive SOC 2 Type II attestation was achieved for a major data center provider. This project focused on implementing security and availability controls aligned with Trust Services Criteria to meet the rigorous standards required for data centers. The attestation process involved continuous monitoring and evaluation of operational controls, ensuring that the provider could demonstrate high reliability and security to its clients.
SOC 2 Attestation for a Custom Software Development Company
Strengthening Security and Compliance for Software Solutions in Finance, Healthcare, and E-Commerce
This project involved the implementation of SOC 2 frameworks for a custom software development company specializing in finance, healthcare, and e-commerce. The SOC 2 attestation process included a thorough assessment of security, availability, and processing integrity controls, tailored to address the specific needs and regulatory requirements of each sector. The project enabled the software company to enhance client trust by ensuring robust data protection and compliance.
SOC 2 Attestation for an AI Voice Assistant in Healthcare
Enhancing Security and Compliance for Healthcare AI Solutions
A SOC 2 framework was designed and implemented for an AI-driven voice assistant platform used in healthcare. The project focused on security, availability, and confidentiality to meet the unique requirements of the healthcare industry. By achieving SOC 2 attestation, the platform demonstrated its commitment to safeguarding sensitive patient information and compliance with privacy regulations, making it a trusted partner for healthcare providers.
SOC 2 Attestation for a SaaS Development Company in Manufacturing
Supporting Security and Integrity for Manufacturing Process Solutions
SOC 2 frameworks were established for a SaaS provider offering solutions tailored to manufacturing processes. The project involved designing controls to meet security and availability requirements, ensuring the platform could securely support manufacturing clients in optimizing their operations. The attestation process verified that the SaaS provider’s system was resilient, reliable, and well-equipped to handle the needs of manufacturing clients.
SOC 2 Attestation for a CI/CD Platform Provider
Ensuring Security and Processing Integrity in Continuous Integration and Delivery
This project involved implementing SOC 2 frameworks for a CI/CD (Continuous Integration and Delivery) platform provider, focusing on security, availability, and processing integrity. The project aimed to guarantee that the platform’s systems could reliably support developers and organizations by safeguarding data during software development cycles. Achieving SOC 2 attestation validated the provider's commitment to secure and efficient CI/CD services.
SOC 2 Attestation for a Customer Engagement AI Company
Improving Security and Compliance for AI-Powered Customer Engagement Platforms
This project focused on designing SOC 2 frameworks for an AI-powered customer engagement platform, with a particular emphasis on security, availability, and confidentiality. The attestation validated the platform’s ability to handle sensitive customer data securely and provided assurance to clients regarding the integrity and privacy of their data interactions. This allowed the company to enhance client trust and strengthen its reputation for secure engagement solutions.
SOC 2 Attestation for a Backup and Resilience Services Company
Enhancing Data Security and Recovery Capabilities
SOC 2 frameworks were implemented for a backup and resilience services provider, focusing on security, availability, and confidentiality. The project included evaluating data protection measures, disaster recovery protocols, and system resiliency to ensure that client data would be protected and recoverable in the event of an outage. Achieving SOC 2 attestation confirmed the provider’s commitment to secure, reliable backup solutions.
SOC 2 Attestation for an AI-Based Fraud Analytics Platform
Strengthening Security and Privacy Controls for Advanced Fraud Detection
A SOC 2 framework was designed and implemented for an AI-driven fraud analytics platform specializing in detecting and preventing financial crimes. The project focused on ensuring security, availability, and confidentiality through the establishment of robust controls that safeguarded sensitive financial data. Comprehensive assessments and control implementations were conducted to meet SOC 2 requirements, allowing the platform to achieve attestation. This milestone demonstrated the platform's commitment to maintaining a secure and compliant environment, enabling it to provide trusted fraud detection services to its clients.
SOC 2 Attestation for an Application Delivery Platform
Securing Kubernetes-Based Hosting and Application Delivery Services
SOC 2 Type II attestation was achieved for a company providing Kubernetes-based hosting and application delivery services. This project focused on designing and implementing controls for security, availability, and processing integrity to support high-performance application delivery. The attestation validated the platform's ability to provide secure, reliable services, meeting client demands for uptime and resilience.
SOC 2 Attestation for an Application Management Company
Ensuring Security and Streamlined Management in Application Services
A SOC 2 framework was designed and implemented for a web-based SaaS platform specializing in application management. The project focused on controls for security, availability, and processing integrity to ensure secure application monitoring, compliance, and management processes. Achieving SOC 2 attestation enabled the platform to demonstrate its reliability and security, providing clients with confidence in the service’s ability to manage and monitor their applications effectively.
SOC 2 Preparation for an AI Cloud Agnostic Company
Preparing for SOC 2 Compliance in Real-Time Data Analysis and Behavioral Insights
This project involved a readiness assessment and the design of SOC 2 frameworks for a company specializing in real-time data analysis and behavioral insights. The project emphasized security, availability, and processing integrity, ensuring that the company could securely handle and interpret large volumes of behavioral data. The preparation process created a foundation for compliance and positioned the company as a trusted source of data-driven insights.
Custom GRC Solutions for a Legal Information Provider
Adapting Risk and Compliance Systems to National Frameworks
A custom Governance, Risk, and Compliance (GRC) system was designed and seamlessly integrated with a national legal information platform. This project included the development of compliance modules, comprehensive risk management processes, and tools for ESG (Environment-Social-Governance) reporting. By aligning the system with evolving legal and environmental standards, the project enhanced the platform’s ability to meet national regulatory requirements and adapt to international best practices.
SOX IT Controls Verification and Description for Food Industry Group
Strengthening IT Governance in Food Industries
This project involved the verification and documentation of IT control mechanisms for a global leader in the food industry. The work focused on ensuring compliance with SOX Section 404 and international standards. Controls were aligned with the parent company’s global compliance framework, strengthening IT governance and operational integrity across all business units. The initiative improved system resilience and enhanced trust with stakeholders.
Financial Software Escrow Audit and Consulting
Strengthening Trust in the Financial Sector
Expert auditing and consulting services were delivered to streamline software escrow processes for financial institutions. The project was tailored for the Asian market, focusing on ensuring operational continuity and compliance with regional and international standards. These efforts fostered trust between financial institutions and their software partners, solidifying partnerships and enhancing the reliability of escrow mechanisms.
Cybersecurity Framework Implementation for Ministry of Finance
Enhancing IT Security and Compliance with ISO 27001 Standards
This project involved consulting and supporting the Ministry of Finance in implementing a cybersecurity framework based on ISO 27001 standards for IT security. The engagement included the preparation and consultation on IT security policies and procedures, along with their practical implementation. By aligning with ISO 27001 best practices, the project strengthened the ministry’s cybersecurity posture and ensured the adoption of robust security management processes.
Technical Due Diligence for an Online Shop Platform Provider
Assessing Security, Privacy, and Scalability of E-Commerce Platforms
A technical due diligence assessment was conducted for a company offering an internet platform for creating and maintaining online shops. The project involved evaluating the company’s cybersecurity and privacy practices, the security and privacy features embedded in their product, software development lifecycle (SDLC) practices, infrastructure management, coding standards, and platform scalability. This comprehensive review provided actionable insights to enhance the platform’s reliability, security, and scalability while ensuring compliance with best practices.
MRI Medical Device Audit
Supporting ESG Practices in Medical Environments
An audit was conducted on MRI medical devices for a medical company, focusing on energy consumption as part of ESG initiatives. The project assessed energy efficiency across devices to support sustainable practices in hospitals and other medical facilities. The findings provided actionable recommendations for reducing energy consumption, aligning with environmental goals while maintaining medical device performance standards.
Cybersecurity Audit for Energy Group
Ensuring Compliance with NIS and Cybersecurity Regulations
A cybersecurity audit was performed for a leading energy group, focusing on compliance with NIS 1, the National Cybersecurity Act, ISO 27001, ISO 22301, and best practices for protecting OT, ICS, and SCADA systems. The audit identified potential vulnerabilities and provided recommendations to enhance the group’s cybersecurity framework, ensuring adherence to critical national and international standards.
Compliance and Cybersecurity Audit for Energy Group
Strengthening Cybersecurity Frameworks and Transitioning to NIS2 Compliance
This project expanded upon a standard cybersecurity audit for an energy group by including an evaluation of Security Operations Center practices and conducting a comprehensive gap analysis to align with the NIS2 directive. The audit covered compliance with NIS 1, the National Cybersecurity Act, ISO 27001, ISO 22301, and best practices for OT, ICS, and SCADA systems. Deliverables included a detailed roadmap for addressing identified gaps and transitioning to NIS2 requirements.
Consulting for Railway Company on SOC Services and SIEM Tool Selection
Optimizing Security Operations and IT Practices for the Rail Sector
Consulting services were provided to a railway company for selecting and procuring Security Operations Center services and Security Information and Event Management tools. The project included verifying internal IT and security practices, evaluating data sources and flows, and analyzing the company’s existing structures. The result was a detailed document defining the scope of SOC services and the SIEM solution, ensuring the organization’s requirements were clearly addressed in the procurement process.
Accreditation Preparation Audits for Medical Facilities
Ensuring Compliance with National and International Quality Standards
Leveraging extensive experience in the medical industry, IT system audits, and IT implementations in hospitals, we have successfully guided leading hospitals in the region through the accreditation process. Our expertise is grounded in aligning medical facilities with both national and international quality standards, ensuring seamless compliance and readiness for accreditation audits.
Our work includes the design and implementation of comprehensive quality management systems for various healthcare entities, including hospital networks, clinic chains, and individual medical practices. These systems have been tailored to meet the unique operational needs of each facility, focusing on enhancing patient care, process efficiency, and regulatory compliance.
In addition, we have conducted in-depth technical and medical audits for healthcare entities, evaluating both IT infrastructure and clinical practices. These audits provided actionable insights and recommendations to optimize operational efficiency and maintain adherence to evolving healthcare standards.
Each accreditation preparation project has culminated in a successful outcome, with all facilities achieving positive audit results and securing accreditation status. This track record underscores our commitment to supporting healthcare organizations in delivering high-quality, safe, and patient-centered care.
IT Audit for Electronic Platform for Medical Event Data
Strengthening Digital Health Infrastructure for a National Digital Health Agency
We conducted an IT audit for the Electronic Platform for Collection, Analysis, and Sharing of Digital Resources on Medical Events, a project aimed at enhancing the nation’s digital health capabilities. The audit reviewed documentation, evaluated the functionality and effectiveness of IT solutions, and analyzed the design and performance of the "Audit Bus" and "Administration System" subsystems. It also assessed system integration, release, deployment processes, and warranty supervision to ensure seamless operations and long-term effectiveness. This work provided actionable insights to optimize the platform’s functionality and support the nation’s digital health strategy.
Strategic Management Implementation and Development Strategy for a Medical University
Driving Growth and Innovation in Higher Education
We designed, prepared, and supported the implementation of a comprehensive development strategy for one of the largest medical universities. The project involved analyzing the university's current capabilities, identifying areas for growth, and establishing a strategic framework to guide future development.
The strategy emphasized enhancing academic excellence, fostering research innovation, and expanding the university’s infrastructure to meet the evolving demands of medical education. Our team worked closely with university leadership to ensure the strategy was actionable and aligned with long-term institutional goals, providing a solid foundation for sustainable growth and innovation in medical education and research.
External Audit of IT System Development for Police and Ministry of Internal Affairs
Ensuring Secure Communication and Operational Efficiency
This service involves auditing the development of an IT system designed to support secure communication within the Police and subordinate services under the Ministry of Internal Affairs. The audit evaluates system design, implementation, and security measures to ensure reliable and efficient communication. It also verifies compliance with regulations and provides recommendations to optimize system performance and security, supporting operational coordination across agencies.
Fraud Audit for a Global Real Estate Services Provider
Strengthening Financial Integrity and Operational Transparency
This project involved conducting a comprehensive fraud audit for a leading company in the real estate services industry. The audit focused on identifying vulnerabilities in financial processes, detecting potential fraudulent activities, and assessing the effectiveness of existing controls.
Our approach included a thorough review of financial transactions, risk-prone operational areas, and internal compliance mechanisms. The findings provided actionable insights to strengthen anti-fraud measures, enhance internal controls, and ensure compliance with regulatory and industry standards. This initiative helped the company safeguard its financial integrity and maintain transparency in its operations.
Security and Privacy Third-Party Audits for an Insurance and Financial Services Provider
Ensuring Data Protection and Regulatory Compliance Across Third Parties
This project focused on conducting in-depth security and privacy audits for third-party vendors working with a prominent company in the insurance and financial services industry. The audits evaluated the vendors’ data protection measures, compliance with GDPR and other relevant regulations, and adherence to industry best practices.
Key areas of assessment included data handling processes, access controls, incident response readiness, and overall security posture. The findings provided the client with a comprehensive view of third-party risks and actionable recommendations to mitigate vulnerabilities, enhance privacy protection, and ensure robust compliance with regulatory requirements.
Data Centers Audit for a Global Telecommunications Provider
Ensuring Reliability, Security, and Operational Resiliency
This project involved conducting a comprehensive audit of data centers for a leading telecommunications company. The audit focused on evaluating infrastructure resilience, security measures, operational processes, and compliance with industry standards.
Key areas of analysis included physical security controls, network and system redundancies, energy efficiency, disaster recovery protocols, and adherence to regulatory requirements. The audit provided actionable recommendations to enhance data center reliability, optimize performance, and strengthen overall security, ensuring the company’s infrastructure could support its critical operations and customer needs effectively.
Cybersecurity Audit and Compliance Assessment for Leading Hospitals
Ensuring Cybersecurity and Compliance with NIS 1.0 and National Regulations
This project involved performing comprehensive cybersecurity audits for leading hospitals to ensure compliance with NIS 1.0 and the national cybersecurity act. The audits focused on evaluating the hospitals' IT and OT systems, identifying vulnerabilities, and assessing the effectiveness of cybersecurity measures in protecting critical medical infrastructure.
Key areas included risk management processes, incident response protocols, system access controls, and data protection practices. The audits also ensured compliance with legal and regulatory requirements, providing hospitals with actionable recommendations to strengthen their cybersecurity posture, mitigate risks, and safeguard sensitive patient data against evolving threats.
Cybersecurity Program Implementation for Leading Hospitals
Strengthening Cybersecurity and Continuity with ISO Standards
This project implemented a cybersecurity framework for leading hospitals to comply with NIS 1.0 and the national cybersecurity act. Based on ISO 27001 and ISO 22301 standards, the initiative included developing risk management procedures, incident response protocols, and business continuity plans to safeguard critical infrastructure and patient data. Staff training ensured effective adoption, enhancing security resilience and ensuring uninterrupted healthcare services.
Internal Audit Function Quality Assessment for a Municipal Government
Enhancing Audit Efficiency and Compliance with IIA Standards (IPPF)
This project involved a comprehensive quality assessment of the Internal Audit Function for the municipal government of a major European city. The assessment focused on evaluating compliance with the International Standards for the Professional Practice of Internal Auditing (IPPF) set by the Institute of Internal Auditors (IIA).
The review included an in-depth evaluation of audit methodologies, processes, and reporting mechanisms to ensure alignment with IIA Standards, regulatory requirements, and best practices. The project also provided recommendations to optimize audit practices, enhance resource allocation, and improve the effectiveness of governance and oversight processes. This initiative strengthened the city’s internal controls and ensured the Internal Audit Function adhered to the highest professional standards.
Stay in touch
ITGRC ADVISORY LTD.
590 Kingston Road, London,
United Kingdom, SW20 8DN
Company Number: 12435469