Get a quote
About GRC Solutions

About GRC Solutions

GRC Solutions is a global cyber security, data privacy and risk management consultancy, headquartered in the UK and operating across the UK, Europe and North America.

We help organisations of all sizes protect their data, meet their compliance obligations and build the resilience they need to operate with confidence in an increasingly demanding threat and regulatory environment.

We treat information security as a core business issue, not an IT add-on.

Our heritage

Founded as IT Governance Ltd in 2002, GRC Solutions has more than two decades of heritage in cyber security, data privacy and governance, risk and compliance.

Our roots go back to 1997, when our founders implemented the world’s first ISMS (information security management system) certified to BS 7799 – the precursor to ISO 27001.

Over the following two decades, we grew into a full-service consultancy, training and security testing firm with operations in the UK, Ireland and the United States. ISO 27001 has been central to our work since the Standard’s earliest days, and that same commitment to practical, evidence-based security still defines how we operate.

In 2024, the business was acquired by Bloom Equity Partners, bringing new investment and strategic ambition. We rebranded as GRC Solutions and expanded our capabilities through the acquisition of BSI Group’s DTC (Digital Trust Consulting) division – adding specialist assurance and certification expertise to our existing portfolio.

Today, GRC Solutions combines that depth of heritage with the investment and ambition to serve a new generation of organisations navigating an ever-more-complex security and compliance landscape.

Our track record

Our track record spans over two decades and more than:
  • 20,000 ISO 27001 certification projects supported – a standard we have been implementing since its earliest days.
  • 30,000 people trained across our cyber security, data privacy and compliance courses.
  • 700 penetration tests carried out each year by our CREST and CHECK-accredited security testing teams.
  • 4,000 security consultancy days delivered annually across the UK, Europe and North America.
  • 1,500 cyber security projects delivered to clients across twelve sectors.
  • 1,000 GB of DSARs (data subject access requests) processed this year, supporting clients with their UK GDPR obligations.

Our clients

We are privileged to work with individuals and organisations across every sector, from global brands to specialised teams with highly specific requirements.

This diversity gives us a deep understanding of the different pressures, expectations and regulatory demands faced by each industry.

Because our service offering is broad and flexible, we can tailor our support to match the maturity, structure and goals of each client. Whether you need targeted guidance for a single project or a long-term partner to strengthen your organisation’s approach to risk, privacy or compliance, we align our expertise with what matters most to you.

What remains consistent is our commitment to clarity, practicality and measurable results helping every client make confident decisions and achieve meaningful outcomes.

People standing around a desk in an office

How we are different

Most organisations have to piece together their security and compliance support from multiple suppliers.

GRC Solutions provides everything: consultancy, penetration testing, training, toolkits, compliance software, e-learning and fixed-price implementation packages.

What sets us apart is our combination of breadth and depth. Our solutions span the full range of governance, risk and compliance requirements, delivered by specialists who work on real problems at real organisations every day. We understand the pressure created by evolving threats, tightening regulations and stretched internal teams. Everything we deliver is designed to reduce that pressure: clear controls, clear priorities and outcomes that hold up under scrutiny.

We serve an international client base, with operations in the UK, Ireland, Europe and the United States. Whether you are starting from scratch or building on what you already have, our solutions are designed to fit your organisation’s context, budget and maturity – not to force you into a template.

Our values

At the heart of our company are our core values:
  • We partner for success
    Do what it takes, sweat the details, support our clients and each other. For clients, that means a team that stays engaged beyond the handover – because lasting resilience is built through ongoing partnership, not one-off engagements.
  • We do the right thing
    Act with integrity, deliver on commitments. For clients, that means transparent advice, honest assessments and recommendations that put their interests first.
  • We are curious
    Always improving, always exploring new ways to solve problems. For clients, that means solutions built on current best practice – and a team that anticipates where threats and regulations are heading, not just where they are today.
  • We are already on it
    Go the extra mile, anticipate risks, execute with pace. For clients, that means deadlines met, issues flagged early and a partner that matches their urgency when it matters most.
  • We challenge, commit and fail fast
    Focus on solutions, embrace change, learn quickly. For clients, that means the confidence to try approaches that fit their specific situation – and the rigour to adjust course when something isn’t working.
  • We are accountable
    Own the result, no excuses. For clients, that means a named team, clear deliverables and a supplier that stands behind its work.

Our leadership

GRC Solutions is led by CEO Iftikhar Ahmed and a management team with deep experience across cyber security, data privacy, professional services and technology.

Between them, they bring decades of expertise working with organisations across multiple sectors and jurisdictions – from FTSE 100 companies and global financial institutions to government bodies and fast-growing technology firms.