
Safetech Innovations Webinar: Fundamentals of Sustainable Performance – Governance, Risk Management and Compliance (GRC)


On September 17, 2025, Safetech Innovations hosted the webinar “Fundamentals of Sustainable Performance: Governance, Risk Management and Compliance (GRC)”, held by Cătălin Gherghiceanu, Presales Manager. The webinar highlighted the importance of aligning the cybersecurity strategy with business objectives, showing that security should not be seen only as a cost center, but as a factor that directly contributes to the achievement of organizational goals.

In a context marked by the exponential increase in uncertainties – the frequency of major events with high uncertainty has doubled since 1990, according to McKinsey – companies must build resilience, run scenario simulations to keep staff trained, and respond to increasingly stringent regulations such as NIS2, DORA or the Cyber Resilience Act (CRA). At the same time, the high degree of interconnection between organizations and their suppliers amplifies the risk of attacks spreading along the supply chain, while the shortage of specialists pushes companies to rely on outsourced services more and more often.

Starting from these realities, Safetech Innovations highlighted the need to build security strategies that cover scenarios which would have been difficult to predict in the past and that meet both the needs of stakeholders and the requirements of critical business processes. Defining organizational flows helps identify the critical functions to protect, the available resources, and the potential entry points for attacks. Added to these are the obligations of the organization, whether imposed by regulations or voluntarily assumed through standards and contracts, whose level of compliance is measured by Key Compliance Indicators (KCI). An effective security strategy must therefore be designed as an integrated mechanism that directly supports performance and business objectives and takes all these impact factors into account.

Continuity of critical processes/functions: the top priority in the Governance, Risk Management and Compliance (GRC) framework

During the webinar, Cătălin Gherghiceanu presented how international standards define the GRC concepts and detailed, concretely, the basic activities and processes that must be carried out within each of them.


The Safetech expert stressed that a GRC process dedicated to cybersecurity is essential, but that it should not be kept in isolation; it must be integrated into the organization’s overall governance framework. The link is direct: any security breach is immediately reflected on the business, affecting critical systems and, implicitly, business objectives. The consequences can mean financial losses, fines, or permanent reputational damage. A cybersecurity GRC process integrated into corporate GRC is also necessary because regulations and standards such as GDPR, NIS2, DORA or ISO 27001/22301 require specific controls, tests and continuity plans. In addition, the large volume of supervisory and reporting activities – pen-tests, DR drills, tabletop exercises and the like – must be coordinated in a unified manner and presented directly to the board and management committees.

“Very often, lately, there is talk about NIS2, and most organizations want to make sure they are compliant – a very good approach, which we welcome and in which we try to support them. However, we believe that the top priority should be to ensure the continuity of critical processes and functions that support the organization’s business objectives, and subsequently, of course, compliance. From our experience, when the first goal is effectively achieved, compliance with various regulations is, to a large extent, already ensured,” said Cătălin Gherghiceanu.

Why implement GRC through an Information Security Management System (ISMS)?

The presentation briefly highlighted the process of implementing a GRC framework, emphasizing the need to define key functions and roles (CISO, CRO – Chief Risk Officer, Audit Committee, DPO – Data Protection Officer, NIS2 responsible, etc.), and to establish standardized governance, risk management and compliance processes and activities, aligned with good practices and standards (ISO 27001, COBIT, ISO 27005, NIST RMF, GDPR, PCI-DSS, DORA or NIS2). In addition, it is essential to use specific indicators and metrics (KPI, KRI, KCI) to measure the effectiveness of the implementation.

Safetech’s recommendation is to operationalize the GRC framework through an ISMS, staged according to ISO 27001:2022 or the NIST Cybersecurity Framework 2.0. Cătălin Gherghiceanu also recalled that, according to DNSC, the average damage generated by a security incident in Romania exceeds EUR 150,000, and that, according to the Ministry of Digitalization, approximately 25,000 cyber attacks occur daily, with an average frequency of one major incident per month. In this context, the implementation of an ISMS is fully justified.

Arguments for ISMS outsourcing and the benefits of collaborating with Safetech Innovations

Safetech Innovations provides teams of certified personnel (CISM, CRISC, ISO 27001, CEH, etc.) with experience across several market verticals and expertise in various industries and technologies (IT, OT, financial-banking), ensuring objectivity through independence from the organization’s processes, unlike an internal team. Shared resources, such as GRC platforms and testing labs, reduce costs, and services can also be accessed on a subscription basis, with the option of increasing the frequency of assessments as the business expands.

External teams are mobilized quickly, without lengthy onboarding, comply with regulatory requirements (Safetech auditors are certified by DNSC, BNR, ASF, etc.) and provide benchmarks and optimization recommendations, drawing on the experience gained in hundreds of similar national and international projects. The Safetech Innovations approach also guards against under- or over-sizing protection measures, because it is based on establishing the risk appetite and risk tolerance (the level and type of risk that an organization is willing to assume) and on a business impact analysis (BIA) that prioritizes critical business processes.

Safetech Innovations provides both cybersecurity services and technical solutions, covering all stages of the implementation and management of a complete ISMS framework.

“We can start from the initialization phase of an ISMS, where we offer GRC consulting services that help the company better define its context, policies and procedures for basic information security. We offer services and solutions for the stages of risk analysis, design/implementation of control measures, security operations and incident management, monitoring, testing and implementation of corrective operations. These include personal training services and solutions for incident management and reporting, such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM),” added the manager from Safetech Innovations.

We invite you to watch the full presentation in the video recording of the webinar “Fundamentals of Sustainable Performance: Governance, Risk Management and Compliance (GRC)”.

Safetech Innovations offers a complete portfolio of services, covering all the components necessary for an Information Security Management System (ISMS), including GRC (governance, risk and compliance), consultancy, implementation and maintenance of cybersecurity systems, security testing, ISMS audit and SOC outsourcing.

Through STI CERT – its own SOC team, in continuous operation for over 10 years – Safetech Innovations ensures 24/7 monitoring, with the support of more than 30 experts organized on three tiers of expertise. Its professionalism was internationally recognized in 2024, when STI CERT was included in the Top 250 MSSPs compiled by MSSP Alert, taking the highest position among Romanian companies.

With a solid experience in the local and international market, Safetech Innovations is a reliable partner in cybersecurity.

For more information, you can contact us at sales @ safetech.ro or by phone at +40 21 316 0565.
