Governance, Risk & Compliance (GRC)

Regulatory requirements and laws create special challenges for large international companies as well as for small and medium-sized companies. The requirements set by the Federal Data Protection Act (FDPA/BDSG) and the General Data Protection Regulation (GDPR) affect almost every company in Germany. In addition, there are industry-specific requirements that must be considered. In the case of financial services providers, these are the Sarbanes-Oxley Act (SOx), the Minimum Requirements for Risk Management (MaRisk) and, naturally, for KRITIS companies the IT Security Act (ITSiG or BSIG).

esatus AG helps you to meet the regulatory requirements of IT compliance, especially by implementing management systems (e.g., information security management systems according to ISO 27001, business continuity management systems according to ISO 22301 or compliance management systems according to ISO 19600). Generally, different management systems are combined in order to benefit from synergy effects. Thus, we can avoid double documentation and additional risk assessment efforts. We also support you in all data protection issues by preparing mandatory documentation or by appointing an external data protection officer. In all GRC projects, we take a risk-based approach for our measures, as risk management is a central component for all issues.

Project References

An overview of some project references related to Governance, Risk & Compliance.

Providing an external data protection officer including review of the documentation prepared for GDPR compliance.

Industry – e.g. accountancy offices, associations, software and personnel service providers
Employees – 10 to 4.000

Conception and implementation of a central GRC platform for the administration of security requirements and the centralization of GRC topics.

Industry – Finance
Employees – > 45.000

Preparation and reviewing of technical and organizational measures (TOMs) as part of a project ensuring GDPR compliance.

Industry – FMCG
Employees – > 12.000

Design and support of the new development of two applications on a central GRC platform (RSA Archer).

Industry – Finance
Employees – > 45.000

Establishment of an ISMS according to ISO 27001, taking into account interface topics with data protection.

Industry – Finance
Employees – > 100

Implementation of a holistic ISMS based on the requirements of ISO 27001.

Industry – Finance
Employees – > 1.700

Creation of the documentation of processing activities, including the relevant systems and the technical and organizational measures (TOMs). Implementation of data protection training for specialists and managers.

Industry – Automotive
Employees – > 400

Your personal contact

Do you have questions about Governance, Risk & Compliance or are you uncertain about the GDPR? Get in contact with us! Call us, use the contact form or send us an e-mail to We look forward to your message!

Anna Katharina Schütz

Manager GRC
+49 6103 9029-0

Contact us now.