Governance, Risk & Compliance (GRC)

Regulatory requirements and laws pose particular challenges for large international groups as well as for small and medium-sized companies. The Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR) apply to almost every company in Germany. On top of these come industry-specific requirements: for financial services providers, the Sarbanes-Oxley Act (SOX) and the Minimum Requirements for Risk Management (MaRisk); for operators of critical infrastructure (KRITIS), the IT Security Act (IT-SiG) and the BSI Act (BSIG).

esatus AG helps you meet the regulatory requirements of IT compliance, in particular by implementing management systems (e.g. an information security management system according to ISO 27001, a business continuity management system according to ISO 22301 or a compliance management system according to ISO 19600). To exploit the overlap between different regulatory requirements efficiently, these management systems are usually combined into one integrated system, which avoids duplicated documentation and duplicated risk assessments. We also support you in all data protection matters, whether by preparing the mandatory documentation or by providing an external data protection officer. In every GRC project we take a risk-based approach, because risk management is the common core of all of these topics.

Project References

An overview of some project references related to Governance, Risk & Compliance.

Providing an external data protection officer including review of the documentation prepared for GDPR compliance.

Industry – e.g. software and staffing service providers, accountancy firms, associations
Employees – 10 to 4,000

Conception and implementation of a central GRC platform for the administration of security requirements and the centralization of GRC topics.

Industry – Finance
Employees – > 45,000

Preparation and review of technical and organizational measures (TOMs) as part of a project to ensure GDPR compliance.

Industry – FMCG
Employees – > 12,000

Design and development support for two new applications on a central GRC platform (RSA Archer).

Industry – Finance
Employees – > 45,000

Implementation of an information security management system based on ISO 27001, taking into account the interfaces to data protection.

Industry – Finance
Employees – > 100

Implementation of a holistic ISMS based on the requirements of ISO 27001.

Industry – Finance
Employees – > 1,700

Creation of the record of processing activities, including the systems involved and the technical and organizational measures (TOMs). Delivery of data protection training for specialists and managers.

Industry – Automotive
Employees – > 400

Your Contact Person

Do you have questions about Governance, Risk & Compliance, or are you unsure how the GDPR affects you? Get in touch with us: call us, use the contact form or send us an e-mail. We look forward to hearing from you!

Carsten Eichhöfer

Manager Business Development
+49 6103 90295-0

Contact us now.