Cybersecurity GRC — Implementation, Not Just Advice
ISO 27001, NESA / UAE IA V2, PDPL, and formal risk programs — delivered hands-on by an ISO 27001 Lead Auditor and GRC Mastery practitioner. We implement. Accredited certification bodies certify. Never both.
Flagship services — available now
Every engagement led by Manoj Prabhakaran, ISO 27001 Lead Auditor. Prices published — scoping call gives you a written quote within 48 hours.
ISO 27001 Implementation & Certification Support
End-to-end from policy authoring to accredited-body audit.
ISO 27001 Gap Assessment
Current-state assessment + prioritised remediation roadmap.
NESA / UAE IA V2 Gap Assessment
UAE national standards — full controls assessment for government-adjacent clients.
UAE PDPL Compliance Advisory
Data mapping, privacy notices, consent, breach-notification process.
Risk Assessment & Risk Register Build
ISO 27005-aligned, quantitative where appropriate. Standalone or ISO 27001 sub-deliverable.
Year 2 — 2027 roadmap
Planned additions. Join the waitlist and we'll email you 30 days before each service launches.
Incident Response Retainer
Monthly retainer for IR SLA, playbook maintenance, and annual exercise. Your IR team on speed-dial.
ISO 27701:2025 (Privacy Information Management)
Privacy management systems layered on ISO 27001. Natural upsell as UAE PDPL enforcement tightens.
NIST CSF 2.0 + Board Risk Reporting
Structured risk programs with appetite statements, registers, and quarterly board reports.
vCISO / Fractional CISO Retainer
Monthly fractional CISO for mid-market organisations not ready for a full-time hire.
PCI DSS v4.0
Payment card compliance — launching if fintech is our Year-1 vertical anchor.
Dubai ISR v2
Dubai Government information security regulation — government-adjacent and supplier contracts.
Third-Party Risk Assessment
Scalable vendor security assessment service. Mandated by UAE IA V2 and ISO 27001.
Year 3 — 2028 roadmap
Advanced and regional expansion. Join a waitlist if you want first access.
NCA ECC + SAMA CSF
Saudi Arabia market entry — NCA Essential Cybersecurity Controls + SAMA financial framework.
COBIT 2019
Enterprise IT governance for banks, telcos, and government. C-suite engagement.
ISO/IEC 42001 — AI Governance
First-mover AI governance advisory in UAE — every large client is deploying AI; none have governance yet.
DORA / NIS2
EU financial and critical-infrastructure directives. Demand-pull only — EU-linked clients.
Why GRC matters for UAE
Enforcement is moving from paper to penalty. A written policy isn't a program.
UAE PDPL is in active enforcement. NESA / UAE IA V2 assessments are being run across semi-government and regulated sectors. ADHICS compliance is mandatory for Abu Dhabi healthcare providers. Dubai ISR v2 is a gate for any Dubai government supplier. Every one of these frameworks needs implementation, not more advice.
Our team has lived inside these standards — not just read them — and we deliver hands-on programmes that end with audit-ready evidence and operational controls, partnered with accredited certification bodies where a certificate is required. Never both implementer and certifier. Never a conflict of interest.
We're pursuing our own ISO 27001:2022 certification in 2026 — the same program we deliver to clients, applied to ourselves first.
Have an upcoming audit, a compliance directive, or a client asking for ISO 27001?
Book a free 30-minute scoping call. We'll scope your program, give you a written quote within 48 hours, and show you exactly what's involved — without the consultancy runaround.