We implement and manage your compliance programme from start to finish — GDPR, RGPC, NIS2, DORA, ISO 27001, TISAX, etc. — with a multi-specialist team allocated a few hours per week or days per month. We bridge Client, Consultant and Auditor and execute the recurring tasks your internal team cannot absorb. Result: sustainable compliance, on-time delivery and reduced risk.
Limited time and internal resources
Growing regulatory complexity
Plans exist, but day-to-day execution stalls
Shared team: CCOaaS Lead + PMO (bridge) + Analyst(s) + ad hoc SMEs (DPOaaS, CISOaaS, legal)
Governance & execution: weekly runbooks, monthly reporting, quarterly reviews
Full coordination: client ↔ consultant ↔ auditor
Actual deliverables: policies, procedures, records, evidence, training, internal audit, CAPA.
RGPD/GDPR, RGPC (PT), NIS2, DORA, Whistleblowing Directive (EU), ISO 27001/27701/37301/37001/42001/13485/9001, TISAX, etc.
Onboarding (30–45 days): discovery, document collection, RACI matrix, 90-day plan
Operational pace:
Weekly: 30–45-minute meeting, decisions, unblocking issues, execution
Monthly: KPI report, light internal audit, risk update
Quarterly: QBR with roadmap, tests/simulations
Tools: iComply (multi-framework), iBlow (WORM reporting channel), M365/Google integrations, Jira/Asana, Confluence/SharePoint
Governance: policies, procedures, records, compliance schedule, RACI matrix
Operation: evidence, checklists, training and records, incident management
Audit: readiness, on-site/remote support, plans, CAPA.