Compliance and Security Consulting

The team at Gravitas has an average of 15+ years of experience in the areas of compliance and security consulting. Some of the key areas of expertise are highlighted in the below sections.

ISO/IEC 27001 is the first international standard for Information Security Management. It is one of the most sought-after certification schemes for global organizations as part of their risk management and assurance framework.

We engage with our clients as their knowledge partner, providing support and facilitation towards certification through:

• Subject matter expertise and guidance
• Baseline assessment and development of roadmap
• End-to-end guidance, advisory services, and facilitation

We partner with our customers throughout the end-to-end certification journey.


The PCI DSS (Payment Card Industry Data Security Standard) is a security standard for organizations that handle cardholder data. This standard came into existence through the joint effort of major financial giants (American Express, Visa, Mastercard, JCB and Discover Financial Services) to reduce credit card fraud.

Gravitas's extensive experience with the PCI DSS standard ensures that PCI DSS requirements are met in a cost-effective way for organizations. The highly specialized teams at Gravitas have the capability to handle the assignment from initial requirement gathering through to qualifying the final PCI DSS assessment by the QSA.

Information Security

Securing business information is a critical challenge faced by global organizations. Implementing effective controls that secure and protect business information and information assets has become a key business objective across industries.

Gravitas has proven expertise and experience in helping organizations assess their Information Security risks and establish adequate, cost-effective controls to protect critical and sensitive information against those risks.


Our Information Security consulting focuses on core aspects of Information Security, such as:

• Creation of awareness contents and orientation
• Assessment and baselining
• Risk assessment and management
• Vulnerability assessments, penetration testing and application security testing
• Implementation and management of controls
• Establishing an effective Information Security Management System (ISMS)
• Best practice adoption and implementations
• Identification and prioritization of improvements
• Measurement of information security effectiveness
• Alignment and certification to ISO/IEC 27001, SOC 2, Cyber Essentials Plus, IASME Gold and more
• Compliance with applicable regulations such as HIPAA and PCI DSS

Data Privacy

Safeguarding personal data is mandatory in various countries, and organizations need to identify and adopt best practices to secure it. Personal Information, or PII, is data referring to a living individual who is or can be identified either from the data stored or processed, or from that data in conjunction with other information.

Gravitas has proven expertise and experience in helping organizations implement the requirements set forth by Data Privacy laws and regulations globally, such as the GDPR, PIPEDA and DPA.

Our Data Privacy consulting focuses on core aspects such as:

• Identifying and assessing the Personal Data context
• Establishing the organization's applicability, role and scope with respect to data privacy in general and to any specific regulation
• Establishing an effective Personal Information Management System (PIMS)
• Implementation and management of controls
• Best practice adoption and implementations
• Assurance of ongoing compliance

Business Continuity And Disaster Recovery

Organizations of all types and sizes have realized that assurance of Business Continuity and Recovery is a critical factor in achieving their business objectives.

Our services in this area cover the establishment of an effective framework that provides adequate business assurance in terms of:

• Planning for abnormal business conditions
• Business Impact Analysis and Risk Assessment
• Developing and establishing a continuity and recovery strategy
• Implementing the control measures and procedures
• Periodic re-assessment and fine-tuning of the framework
• Periodic testing and validation
• On-going maintenance and continual improvement
• Alignment and certification to standards such as ISO 22301

Security Assessments

Whether it’s your computer network, endpoint devices or web applications, maintaining the confidentiality, integrity and availability of the service is very important.

The vulnerability assessment service provided by Gravitas can help you identify the existing security issues in your organization.

Gravitas has the necessary knowledge and skill set related to HIPAA security to assess your organization’s risk and to provide guidance to your organization for achieving HIPAA compliance.

The penetration testing service provided by Gravitas tests systems or applications from an attacker’s point of view.

Web application penetration testing tests your web applications to ensure they are secured against all known web-related vulnerabilities.