About GRC Solutions
We help organisations of all sizes protect their data, meet their compliance obligations and build the resilience they need to operate with confidence in an increasingly demanding threat and regulatory environment.
We treat information security as a core business issue, not an IT add-on.

Our heritage
Our roots go back to 1997, when our founders implemented the world’s first ISMS (information security management system) certified to BS 7799 – the precursor to ISO 27001.
Over the following two decades, we grew into a full-service consultancy, training and security testing firm with operations in the UK, Ireland and the United States. ISO 27001 has been central to our work since the Standard’s earliest days, and that same commitment to practical, evidence-based security still defines how we operate.
In 2024, the business was acquired by Bloom Equity Partners, bringing new investment and strategic ambition. We rebranded as GRC Solutions and expanded our capabilities through the acquisition of BSI Group’s DTC (Digital Trust Consulting) division – adding specialist assurance and certification expertise to our existing portfolio.
Today, GRC Solutions combines that depth of heritage with the investment and ambition to serve a new generation of organisations navigating an ever-more-complex security and compliance landscape.

Our track record
- 20,000 ISO 27001 certification projects supported – a standard we have been implementing since its earliest days.
- 30,000 people trained across our cyber security, data privacy and compliance courses.
- 700 penetration tests carried out each year by our CREST and CHECK-accredited security testing teams.
- 4,000 security consultancy days delivered annually across the UK, Europe and North America.
- 1,500 cyber security projects delivered to clients across twelve sectors.
- 1,000 GB of DSARs (data subject access requests) processed this year, supporting clients with their UK GDPR obligations.
Our credentials








Our clients
This diversity gives us a deep understanding of the different pressures, expectations and regulatory demands faced by each industry.
Because our service offering is broad and flexible, we can tailor our support to match the maturity, structure and goals of each client. Whether you need targeted guidance for a single project or a long-term partner to strengthen your organisation’s approach to risk, privacy or compliance, we align our expertise with what matters most to you.
What remains consistent is our commitment to clarity, practicality and measurable results helping every client make confident decisions and achieve meaningful outcomes.

How we are different
GRC Solutions provides everything: consultancy, penetration testing, training, toolkits, compliance software, e-learning and fixed-price implementation packages.
What sets us apart is our combination of breadth and depth. Our solutions span the full range of governance, risk and compliance requirements, delivered by specialists who work on real problems at real organisations every day. We understand the pressure created by evolving threats, tightening regulations and stretched internal teams. Everything we deliver is designed to reduce that pressure: clear controls, clear priorities and outcomes that hold up under scrutiny.
We serve an international client base, with operations in the UK, Ireland, Europe and the United States. Whether you are starting from scratch or building on what you already have, our solutions are designed to fit your organisation’s context, budget and maturity – not to force you into a template.

Our values
- We partner for success
Do what it takes, sweat the details, support our clients and each other. For clients, that means a team that stays engaged beyond the handover – because lasting resilience is built through ongoing partnership, not one-off engagements. - We do the right thing
Act with integrity, deliver on commitments. For clients, that means transparent advice, honest assessments and recommendations that put their interests first. - We are curious
Always improving, always exploring new ways to solve problems. For clients, that means solutions built on current best practice – and a team that anticipates where threats and regulations are heading, not just where they are today. - We are already on it
Go the extra mile, anticipate risks, execute with pace. For clients, that means deadlines met, issues flagged early and a partner that matches their urgency when it matters most. - We challenge, commit and fail fast
Focus on solutions, embrace change, learn quickly. For clients, that means the confidence to try approaches that fit their specific situation – and the rigour to adjust course when something isn’t working. - We are accountable
Own the result, no excuses. For clients, that means a named team, clear deliverables and a supplier that stands behind its work.

Our leadership
Between them, they bring decades of expertise working with organisations across multiple sectors and jurisdictions – from FTSE 100 companies and global financial institutions to government bodies and fast-growing technology firms.
Our areas of expertise
GRC Solutions provides specialist support across the full governance, risk and compliance spectrum – from ISO 27001 implementation and penetration testing to data protection, PCI DSS compliance, AI governance and beyond.
Whatever your starting point, we have the expertise, the accreditations and the track record to help you move forward with confidence.