Governance, Risk and Compliance (GRC) Services

IT Governance, Risk Management and Compliance (GRC) is the overarching umbrella for services that support business processes and enable the alignment of business with IT. GRC is a holistic, business-oriented approach to the management of Information Security, based on the potential impacts of identified threats and risks to the business. Impact Makers addresses the complexity of this area while balancing protection with business needs and overall compliance.

Impact Makers uses a methodology that begins with the business perspective around the mission and goals of the organization.  We analyze threats, vulnerabilities and risks to those goals to identify cost-effective mitigation strategies and establish ways to monitor ongoing progress.

Service Offerings

Core GRC services include the following:

  • Information Security Program Development
    • Policies and Procedures
    • Organizational Structure
    • Security Roles and Responsibilities
    • Security Awareness and Training
    • System and Data Classification and Criticality Analysis
    • IS Program Maturity Assessment

  • Risk Management
    • Business Impact Analysis (BIA)
    • Risk Assessment (RA)
    • Continuity Planning
    • Disaster Recovery Planning
    • Incident Response Planning
    • IT Security Audit

  • Compliance
    • HIPAA Privacy, Security and Omnibus Rules
    • Commonwealth of Virginia IT Security Policy (SEC-519)
    • Commonwealth of Virginia IT Security Standards (SEC-501)
    • Commonwealth of Virginia IT Audit Standard (SEC-502)
    • National Institute of Standards and Technology (NIST) Computer Security (800-53)
    • Payment Card Industry Data Security Standards (PCI DSS)
    • Industry “Best Practices”