GRC & Compliance

Per-tenant monthly add-on. Requires COSAINT Complete or Strategic as base tier. ISO 27001, NIS2, GDPR coverage via Cyberday ISMS.

Discuss Your Compliance Requirements

Three levels of compliance support

Start with the ISMS platform and policy framework. Add audit preparation and vCISO advisory as your compliance requirements grow.

GRC Foundations

ISMS platform + policy framework

10-25 seats

EUR 850 /tenant/mo

Get your ISMS running with Cyberday, ISO 27001 control mapping, and a policy library. Regular workshops to build and maintain your compliance framework.

  • Cyberday ISMS platform
  • ISO 27001 Annex A control mapping and evidence artefacts
  • Policy library setup and maintenance
  • 2x 2h workshops per month
  • Blackpoint LogIC SIEM for logging (A.8.15/A.8.16)

GRC Managed

Foundations + audit preparation

26-50 seats

EUR 1,200 /tenant/mo

Everything in Foundations plus quarterly risk reviews, vendor assessments, surveillance audit preparation, and SIEM review. For organisations actively pursuing or maintaining certification.

  • Everything in GRC Foundations
  • Quarterly workshops (risk register review, vendor assessments)
  • Surveillance audit preparation
  • SIEM/logging review

GRC Comprehensive

Managed + vCISO + multi-framework

51-100 seats

EUR 1,800 /tenant/mo

Everything in Managed plus vCISO advisory, multi-framework support, BCP documentation, tabletop exercises, and quarterly management review reports.

  • Everything in GRC Managed
  • vCISO advisory (4h/mo)
  • Multi-framework support (ISO 27001, NIS2, GDPR)
  • BCP documentation
  • Tabletop exercise facilitation
  • Quarterly management review reports

Frameworks covered

ISO 27001

International standard for information security management systems. Annex A control mapping and evidence packs included.

NIS2

EU Network and Information Systems Directive. Readiness assessment and alignment for essential and important entities.

GDPR

General Data Protection Regulation. Data protection policies, breach notification procedures, and processor management.

GRC & Compliance FAQ

Do I need Complete or Strategic as my base tier?
Yes. GRC & Compliance requires COSAINT Complete or Strategic as your base tier. This is because effective compliance management requires the full Microsoft security stack (Defender Suite, Purview tooling) that these tiers include. If you are on a lower tier, we will discuss upgrading as part of the GRC conversation.
What is Cyberday?
Cyberday is an ISMS (Information Security Management System) platform that manages your compliance framework digitally. It maps controls to ISO 27001 Annex A, tracks evidence, manages policies, and provides a continuous view of your compliance posture. We set it up, maintain it, and run workshops to keep it current.
Can I start with Foundations and upgrade later?
Yes. Most organisations start with GRC Foundations to establish their ISMS and policy framework, then move to Managed when they are pursuing certification or face regulatory audit requirements. Comprehensive adds vCISO advisory and multi-framework support for more complex compliance environments.
What is included in COSAINT Strategic that overlaps with GRC?
COSAINT Strategic includes the Purview Suite, Cyberday ISMS, NIS2 readiness, and vCISO advisory as part of the base tier. If you are on Strategic, you may not need a separate GRC add-on – the base tier already covers comprehensive compliance. The GRC add-on is primarily for Complete tier clients who want compliance without upgrading to Strategic.

Discuss your compliance requirements

ISO 27001, NIS2, GDPR – we will help you build and maintain the compliance framework your organisation needs.

Get in Touch

Or email us at [email protected]