ISO 27001 Certification & Governance
We support your organization at every stage of the ISO 27001 process: from initial assessment to certification, then in maintaining and continuously improving your Information Security Management System.
Governance audits
Assessment of your organization's maturity (governance, roles, processes, and documentation) to identify gaps with ISO 27001 and define a roadmap.
Regulatory compliance
Support for ISO 27001 and GDPR compliance: gap audits, action plans, processing mapping, and certification preparation.
ISMS Deployment
Design and implementation of your Information Security Management System: scope, risk analysis, and integration into the organization.
ISMS Management & Maintenance
Ongoing ISMS monitoring via the PDCA cycle: indicators, action plan, non-conformity management, and surveillance audit preparation.
Security policies & procedures
Definition and formalization of your security policies (ISSP), charters, and procedures compliant with ISO 27001, tailored to your risks and challenges.
BCP / DRP
Design, update, and testing of business continuity and disaster recovery plans to meet ISO 27001 resilience requirements.
Crisis management & ISO 27001 exercises
Organization of simulations and cyber crisis exercises to test ISMS effectiveness, BCP/DRP, and prepare teams for major incidents.
ISO 27001 awareness & training
Awareness and training of teams on information security challenges and ISO 27001 requirements, in standard or certifying formats.
Phishing campaigns
Email attack simulations to test employee vigilance and strengthen cybersecurity culture.
GDPR Compliance & Data Protection
We support your organization in achieving GDPR compliance and sustaining your data protection obligations over time, in conjunction with your cybersecurity governance approach.
GDPR audit & assessment
Assessment of your GDPR compliance: processing mapping, gap analysis, and prioritization of compliance actions.
GDPR compliance
Formalization of records, impact analyses (DPIA), data protection policies, and management of data subjects' rights.
GDPR compliance maintenance
Long-term monitoring to ensure ongoing GDPR compliance: breach management, DPO support, and continuous improvement of practices.
A structured and pragmatic GRC approach
Our GRC methodology is based on a progressive and pragmatic approach, aimed at structuring cybersecurity coherently, adapted to the organization’s maturity and regulatory requirements.
Scoping
Analysis of your context, regulatory challenges, and cybersecurity objectives.
Assessment
Conducting governance audits and risk analyses to identify gaps and priorities.
Structuring
Definition of policies, procedures, and action plans adapted to your regulatory and organizational framework.
Crisis preparation
Implementation or update of BCP/DRP and organization of crisis exercises.
Support
Monitoring, awareness, and training of teams to embed cyber governance durably.
Frequently asked questions — GRC
GRC structures cybersecurity at the organizational level by defining rules, responsibilities, and processes. It is the essential foundation before any technical project and ensures a coherent and sustainable approach.
ISO 27001 is not always mandatory, but it is often required by clients, partners, or tenders. It is a recognized framework for structuring and demonstrating cybersecurity maturity.
BCP and DRP should be defined whenever business continuity is critical. They allow you to anticipate crises and limit operational and financial impacts in the event of a major incident.
Yes. We offer awareness training tailored to different audiences, as well as certifying training through specialized partners according to needs.