GRC – Governance, risk management
and compliance

Become compliant with your business – we create a connection between GRC and your business goals.

We think ahead – constantly

You never know who the next target of cybercriminality will be. But one thing is sure – we want to do our part to make sure it is not you.
We are constantly thinking ahead. Only in that way does your company get the right protection.

How long do you dare to wait?

We are ready to help you. At ICY Security, we have a range of IT security specialists who are ready to support you in getting the GRC that is right for you. We have tremendous specialist knowledge and a wide array of methods and competencies.

It is important that there is a connection between cybersecurity and your daily operations.

Call us today to learn how we can help you.

Companies’ current challenges

Our experience shows that all companies today face the following challenges:

  • Identification of the right level of IT security
  • Acting on changes in the existing risks as a result of new business models
  • Increased and complex threats from the world of cybercriminals

In addition, companies must now observe ever more legislation such as the EU’s General Data Protection Regulation (GDPR). Some utility companies (electricity and gas) must comply with Danish statutory order 515 on IT contingency requirements.

What is your basis for considering Security Compliance?
Extend each phase and read more about your possibilities.


You get a critical overview of your current and future business and risk picture

ICY Security Services

ICY Security provides full-coverage GRC.
We create the right solution for you on the basis of our experience in identifying threats and risks within information security.

You get a tailored method based on analysis and risk assessment. ICY Security makes sure you get the right level of security within an effective financial framework and time line.

The method is aimed at protecting business critical data and systems and to protect the business’s operating activities.

Learn more about our GRC methods

ICY Security’s method is well-tested and is used for all information-related work. This could be, for instance a GDPR compliance project, the establishment of an IT contingency plan or of a management framework for your business’s work on information security and cyber.

The tools used in the different phases are naturally different from project to project.
For example, we apply best practice from:

  • IAPP for resolving GDPR projects
  • ISO27001/27002 when establishing management frameworks in information security
  • SANS Critical Security Controls when implementing or measuring the effect of technical IT security controls
  • ITIL framework tied with ISO27001 when creating effective processes for information security
  • OWASP when security in the IT development process needs improvement.

We are ready to help

In order to deliver solid and sure solutions to our customers, we have strengthened our specialist knowledge in IT security, with focus on business value.

Our consultants are all experienced with certifications in, e.g.:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Privacy Manager (CIPM / IAPP)
  • Certified Information Security Manager (CISM)
  • Certified Chief Information Security Officer (CCISO)
  • Certified Information Systems Auditor (CISA)

Our consultants are also trained as ethical hackers (EC Council Certified Ethical Hacker), so we are able to conduct vulnerability tests, classic penetration tests or blue team/red team tests.

Cross the finish line with EU GDPR

How does the new EU regulation affect your business?  Can you, e.g. document how you store data – and what you use it for?
In May 2018, the EU implemented stricter rules for what is considered personal data and the requirements regarding how your company processes that data.
You get consulting and solutions for implementing the new requirements – for instance process documentation, project management, security governance and support for implementing either all or some technical controls, so your processing security of personal data improves.
We are ready to help you.