As part of PTP's offerings to support customers in their compliance journey, whether towards formal certification or simply working in line with standards such as ISO27001:2013, we have identified tools and solutions to make the task simpler.
Eramba was identified as a good candidate, as the product was written by Governance, Risk and Compliance (GRC) professionals. We now use this tool internally to manage PTP's own 27001:2013 ISMS and are recommending its use to our customers to help manage their own compliance programme.
Eramba was built by GRC professionals in different industries and different parts of the world as a tool to help us get our job done in a more efficient and professional way than simpler tools (spreadsheets, SharePoint, etc.). Eramba is a tool that helps with compliance, risk management, control testing, exception management, etc. See our open, free documentation for details.
Typical use cases are ISO 27001, SOC2, PCI, risk frameworks, vendor assessments, awareness training, incident handling, etc. Typical user profiles are security professionals, GRC, compliance, internal audit, auditors, IT managers, etc.
Some of the GRC Services that we offer
- ISO27001 gap analysis – PTP work with their customers to review the current security posture, including policy, processes and controls. Based on this review, a detailed gap analysis and compliance programme is created to move the customer towards formal certification.
- ISO27001 implementation support and workshops – PTP provide an ongoing service, where we deliver as much or as little help and support as required during a compliance programme. This can include developing the initial business case and strategy, through to policy and process creation and the implementation of appropriate controls. For customers with existing certifications, we also provide review services throughout the year to prepare for formal audits and minimise remediation requirements.
- Reviews against other standards and best practice (NIST, NCSC Best Practice, PCI DSS, Cloud Security Alliance, CIS benchmarks) – In addition to ISO27001:2013, Eramba also supports the management of other standards and best practice. PTP provide a full lifecycle service across many of these, from initial gap analysis to the development and delivery of a compliance programme.