Governance, Risk and Compliance services

Our Governance, Risk, and Compliance (GRC) services encompass assurance, training, senior leader workshops, certification, and compliance services to help you meet and comply with national and international standards, including ISO standards for information and cyber security.

Our team of highly acclaimed experts assists in training and capacity building for you and your team on various frameworks such as ISO 27001, ISO 22301, ISO 20000, NIST, HIPAA, IS 62553, TISAX and other cyber security standards. This equips your teams with the knowledge and skills necessary to contribute effectively to your organization's security posture.

We offer Gap Analysis and Compliance Assessments: Our GRC services include conducting gap analysis and compliance assessments to evaluate your current state of adherence to ISO standards. We identify areas that require improvement or alignment to meet the stringent criteria set by these internationally recognized standards.

Service offerings

Quality Austria Central Asia offers assessment, gap assessments, certification, and training covering the standards below:

• ISO/IEC 27001: Information Security Management System (ISMS) - This standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system.

• ISO/IEC 27002: Code of Practice for Information Security Controls - Provides guidelines and best practices for selecting, implementing, and managing information security controls within the framework defined by ISO/IEC 27001.

• ISO/IEC 27005: Information Security Risk Management - Outlines principles and guidelines for information security risk management and assists organizations in managing the risks associated with information assets.

• ISO 31000: Risk Management - This standard provides principles, a framework, and a process for managing risk effectively in any organization or context.

• ISO 22301: Business Continuity Management - Specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to protect against, reduce the likelihood of, and ensure a business's ability to recover from disruptive incidents.

• ISO 20000-1: Information Technology - Service Management - Specifies requirements for an organization to establish, implement, maintain, and continually improve a service management system (SMS).

• ISO/IEC 27017: Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services - This standard offers guidelines for implementing information security controls in the context of cloud services, building on ISO/IEC 27002.

• ISO/IEC 27018: Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors - It provides guidelines for protecting personally identifiable information (PII) in the cloud, addressing privacy concerns.

• ISO/IEC 27701: Privacy Information Management System (PIMS) - This standard specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System.

• ISO/IEC 21434: Road vehicles – Cyber security engineering - This standard focuses on cyber security for road vehicles, guiding engineering processes to ensure the security of automotive systems.

• TISAX - TISAX stands for "Trusted Information Security Assessment Exchange." It is a standard and assessment catalogue specifically developed for the automotive industry, focusing on information security, data protection, and cyber security.

• GDPR - The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy law implemented by the European Union (EU) in May 2018. GDPR significantly strengthens data protection and privacy rights for individuals, places greater responsibilities on organizations handling personal data, and aims to create a more transparent and accountable data processing environment. Compliance with GDPR involves adopting stringent measures to ensure the lawful, fair, and secure processing of personal data, ultimately enhancing individuals' control over their information.

• DPDPA - The Digital Personal Data Protection Act (DPDPA) is a comprehensive law that regulates the collection, processing, and use of personal data in India. The PDPB was passed as a bill in August 2023 in India. The bill applies to both domestic and foreign companies that process the personal data of Indian citizens. For IT companies involved in cross-border transactions, the DPDPA will have a significant impact on how they collect, use, and share personal data.

By leveraging our GRC services tailored to various ISO standards for Information and Cybersecurity, your organization can establish a robust framework, enhance risk management capabilities, and demonstrate a commitment to meeting globally recognized best practices in information security.

For any queries or further information related to our services, please feel free to contact us at info@qacamail.com or +9198109 50210. We are here to assist you!

The rapid pace of urbanisation in India is bringing denser mega-cities, which in turn need taller and bigger buildings to cater to the requirements of residential and office space, in addition to educational institutes, hospitals, and modern commercial hubs.

With this transformation, the increased emphasis on the safety of the built environment is only natural. Structural audits are needed not only during construction but also at regular intervals after construction, to ensure the safety of the huge population residing and working in cities.

Seismic activity and resultant earthquakes are a real challenge for our society to keep our people safe from such natural calamities.

A society like ours, always sitting on the verge of a major earthquake, must take this seriously to avoid loss of life and property on a huge scale.

In such a scenario, structural audits of buildings are crucial to assess their safety, integrity, and overall structural health and capacity to withstand huge loads arising out of earthquakes.

Such structural audits help identify potential defects, deterioration, or weaknesses in the building's structure, ensuring preventive measures can be taken to avoid accidents or failures.

Regular audits contribute to public safety by addressing issues before they become serious, promoting the longevity of structures, and preventing unexpected collapses or accidents.

Needless to say, it is the job of expert professional structural engineers rather than a normal civil engineer.

In a structural audit for earthquake safety, the following activities are typically conducted:

  • Visual Inspection:
    Assess the overall condition of the building, looking for signs of cracks, deformations, or structural damage.

  • Documentation/Drawings Review:
    Examine construction drawings and historical records to understand the building's design and construction details.

  • Material/Item Testing:
    Conduct tests on building materials to determine their strength and integrity, especially if the construction occurred a long time ago.

  • Seismic Analysis:
    Evaluate the building's response to seismic forces using computer models and seismic analysis techniques.

  • Dynamic Analysis:
    Perform dynamic testing to understand the natural frequency and dynamic characteristics of the building.

  • Assessment of Retrofitting Needs:
    Identify areas where retrofitting or strengthening is required to enhance the building's seismic resistance.

  • Review as per Local Codes and Standards:
    Ensure that the building complies with the latest seismic design codes and standards.

  • Recommendations and Mitigation Measures:
    Provide recommendations for structural improvements or retrofitting measures to enhance the building's seismic performance.

These activities collectively help in deciding whether a building is safe against earthquake forces or whether rehabilitation/retrofitting is needed to meet safety standards.