iTGRC, Regulatory Compliance Assurance
Regulatory compliance is an organization's adherence to the laws, regulations, guidelines, and specifications relevant to its business. It addresses the concern that the organisation is aware of, and is taking the required and cost-effective steps to comply with, the laws and regulations that apply to it.

GDPR for Data Protection
ISO27001 for Information Security Management supporting PDPA
ISO/IEC 9001 for Quality Management
TRM for Technology Risk Management
GDPR
Personal Data Security and Protection
What does the GDPR mean for businesses in Asia?
- The appointment of a data protection officer (DPO) will be mandatory for companies processing high volumes of personal data and good practice for others.
- Privacy risk impact assessments will be required for projects where privacy risks are high.
- Products, systems and processes must consider privacy-by-design concepts during development.
- Data controllers must ensure adequate contracts are in place to govern data processors. They must also have a legal basis for processing personal data. A data controller is the party that, either alone or jointly with others, determines the purposes for which and the manner in which any personal data is, or is to be, processed.
- Data processors can be held directly liable for the security of personal data.
- 72 hours - the time a controller has to report a data breach after becoming aware of it, unless the breach presents a low risk to the individual's rights.
Penalties
There will be tough penalties for those that fail to comply. These will be up to 4% of annual global turnover or €20 million, whichever is greater. Choose a GDPR Self-Assurance package and find out how you can fulfil the requirements in no time.

ISO27001
Information Security Management System that fulfils PDPA and GDPR requirements
Services offered by iTGRC Asia
- Review of compliance program for effectiveness
- Internal control review
- Policy and procedure development
- Policy implementation and evaluation
- Managing transition to compliance
- Mitigation or remediation, or both
Expected deliverables to your organization
- Information Security Management Audit Report (findings)
- Information Security Governance and Management Compliance Program Assessment Report
- Control Gap Analysis Report
- Recommendation of mitigation, response plan or remediation
- Recommendation of a compliance strategy or improvement plan based on industry best practices or the requirements of international supervisory bodies, such as those of the Federal Financial Institutions Examination Council (FFIEC)
ISO/IEC 9001
Quality Management System
Start now and achieve ISO9001 certification in a matter of months.
Implementing an ISO9001 Quality Management System (QMS) will motivate staff by defining their key roles and responsibilities and will achieve cost savings through improved efficiency and productivity.
An ISO9001 QMS will enable you to identify product or service deficiencies and make improvements quickly, resulting in less waste, less inappropriate or rejected work, and fewer complaints. Your customers will notice that orders are met consistently, on time and to the correct specification. This can be the basis for company growth, opening up market opportunities.
ISO/IEC 9001 consultancy service
A free initial assessment enables you to see where you stand (after all, you probably already meet many of the requirements) and identify how you can progress with us to certification.
Fixed-price consultancy enables you to control all the costs of achieving certification.
Our implementation approach and methodology are pragmatic, proven and straightforward.
We will help you increase internal buy-in by leveraging your resources to achieve your certification/conformance goals.
We focus on transferring knowledge and skills to you and your staff so that you can continue meeting compliance targets after the initial implementation period ends.
In short, we help tailor your Quality Management System so that it suits your requirements, is cost-effective to operate and still continues to meet ISO9001 requirements.
TRM
Technology Risk and Security Management
Managing technology risk to meet government or regulatory requirements is common in most countries, especially in industries where business or investment is heavily underpinned by technology for automation, productivity, efficiency or innovation. It is particularly significant and prominent today in banking, finance and insurance. The benefits include, but are not limited to:
- Avoiding financial penalties
- Avoiding criminal imprisonment
- Business continuity and sustainability
- Preventing reputational and business impact, and
- Preventing the propagation or introduction of outsourced third-party risks
The following services are essential parts of a sound compliance assurance scheme:
- Review of compliance program for effectiveness
- Internal control review
- Control gap analysis
- Policy and procedure development
- Policy implementation and evaluation
- Managing transition to compliance
- Mitigation/remediation
These services produce the deliverables below, which are intended to satisfy the control objectives and your business goals.
- Risk Assessment Report
- Audit Report (findings)
- Control Gap Analysis Report
- Recommendation of mitigation, response plan or remediation
- Recommendation of a compliance strategy or improvement plan based on industry best practices or supervisory requirements