Governance, Risk and Compliance (GRC), & Strategy
FEATURED CASE STUDY
ISO 27001 Case Study
How Canva embarked on its cyber security maturity journey and achieved ISO 27001 certification
Experience & Care
Sekuro consultants leverage years of global experience across virtually all industries to deliver practical solutions that work for you.
Compliance, Managed Compliance, and Certification
Sekuro consultants have been providing practical guidance to organisations for many years. We help meet and maintain compliance to a broad range of professional standards including ISO 27001 and 9000, PCI DSS and more…
ISO 27001 (ISMS)
ISO 27001 sets out the requirement to design and implement an Information Security Management System (ISMS) to continuously improve an organisation’s risk posture based on good risk management practices.
SOC 1, SOC 2, SOC 3
System and Organization Controls (SOC) is a reporting framework to communicate relevant information on the effectiveness of a cyber security risk management system or any other required cyber security information.
NIST CSF
The NIST Cybersecurity Framework (CSF), adopted by reputable companies such as JP Morgan Chase and Microsoft, helps businesses of all sizes to better understand, manage, and reduce their cyber security risk and protect their networks and data.
PCI DSS
Payment Card Data Security Standard (PCI DSS) is the global data security standard that any business of any size must adhere to in order to accept payment by card and either store, process, and/or transmit cardholder data.
IRAP (ISM / PSPF)
IRAP provides a framework for assessing the implementation and effectiveness of an organisation’s security controls against the Australian government’s security requirements, as outlined in the Information Manual (ISM) and Protective Security Policy Framework (PSPF).
Cloud Security Alliance STAR
Know and manage your business risks in the cloud, using the CSA’s Cloud Control Matrix (CCM) and STAR maturity model. Sekuro consultants are one of very few STAR CSA lead auditors in Australia.
APRA CPS 234 / CPS 232
APRA CPS 232: This Prudential Standard ensures the implementation of a comprehensive approach to business continuity management.
APRA CPS 234: This PPG aims to assist regulated entities in maintaining information security.
ACSC Essential 8 (E8)
Australian Cyber Security Centre’s (ACSC) Strategy to Mitigate Cyber Security Incidents, known as the Essential 8 (E8), provides a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries.
Right Fit for Risk (RFFR)
RFFR stands for Right Fit For Risk and was designed by the Department of Education, Skills and Employment (DESE) in late 2019. Sekuro offers a range of RFFR services that go from end-to-end assistance to get you certified, posture assessments, internal audits and broad advisory services tailored to your needs.
Data Governance & Privacy

GDPR & Privacy Impact Assessments
Understand your compliance with local privacy laws and associated regulations and their impact on your operations and follow your tailored action plan towards full compliance.
Our expertise covers, but is not limited to:
- GDPR (European Union)
- PDPA (Singapore)
- Privacy Act 1988 (Cth) (Australia)

Privacy Information Management System
We design and establish privacy governance and management frameworks, in compliance with the local regulations and industry standards including ISO:IEC 27001 ISMS and BS 10012:2017 Privacy Information Management System (PIMS).

Data Protection Trustmark Certification Program (Singapore)
We provide DPTM certification services to prepare your company to achieve PDPA compliance and meet Singapore’s DPTM certification requirements.

Data Protection Management Program
We journey with your company to develop and design data protection policies and processes.
Strategy, Risk & Governance
Cyber Security Health Checks
Our range of fixed price health checks are a great option to get better visibility of immediate and ongoing risks and threats within your system.
Virtual Security Office
Establish strategic cyber security approaches tailored to your company and achieve effective security operations capabilities implemented by qualified and highly experienced information security professionals.
Security Strategy Development
Protect your company with a security strategy which involves an initial assessment, planning, implementation and constant monitoring.
Security Framework Preparation
Help your company to prepare an internal security framework to develop your company's cyber security readiness.
Security Risk Assessment
Necessary risk assessments are undertaken from our large range of assessment services to keep your company protected.
Third Party Security Assessments & Management
Help your company in security assessments and management of third-party vendors.