Governance, risk & compliance

GRC — Cyber & AI

Govern risk and prove compliance across both cyber and AI. We equip the teams who own governance to build and run an ISO/IEC 27001 information security management system, manage risk credibly, align with the EU AI Act and ISO/IEC 42001, and stay audit-ready across both disciplines.

Overview

Governance, risk, and compliance has never been harder to do well. Cyber obligations keep tightening, AI regulation has arrived in earnest with the EU AI Act and ISO/IEC 42001, and the teams responsible are often asked to satisfy both with the same finite resources — frequently treating them as two separate programmes and duplicating the work in the process.

GRC — Cyber & AI is built to bring those worlds together. We equip your governance teams to build and operate an ISO/IEC 27001 information security management system, manage risk in a way leadership and auditors trust, and extend that same discipline to AI through ISO/IEC 42001 and EU AI Act readiness — mapping shared controls so effort is spent once, not twice.

The programme is grounded in your own registers, policies, and target certifications, with tracks for implementers, risk owners, and internal auditors, plus briefings for the executives who carry ultimate accountability. Teams leave audit-ready, with a coherent, sustainable approach to governing risk and proving compliance across both cyber and AI.

Who it's for

  • GRC, risk, and compliance professionals owning cyber and AI obligations
  • CISOs and security leaders accountable for ISMS and assurance
  • Internal audit and assurance teams preparing for certification
  • Legal, privacy, and data-protection leaders bridging cyber and AI
  • Executives and committees accountable for organisational risk

What's covered

  • Building and operating an ISO/IEC 27001 information security management system
  • Risk management — assessment, treatment, registers, and risk appetite
  • Controls, policies, and Statement of Applicability in practice
  • The EU AI Act — obligations, risk tiers, and what compliance requires
  • ISO/IEC 42001 — extending governance to AI management systems
  • Mapping shared controls across cyber and AI to avoid duplication
  • Audit readiness — evidence, internal audit, and management review
  • Third-party, supply-chain, and procured-AI risk and assurance

Format & delivery

  • Instructor-led workshops, on-site or virtual, built around your context
  • Working sessions on your own risk registers, policies, and controls
  • Tailored to your certifications, sector, and regulatory obligations
  • Tracks for ISMS implementers, risk owners, and internal auditors
  • Executive briefings for boards and accountable senior owners

Outcomes

  • A working ISMS, aligned to ISO/IEC 27001, that your teams can sustain
  • Risk management that is credible to leadership, auditors, and clients
  • A clear path to EU AI Act and ISO/IEC 42001 alignment
  • Confidence facing audits and certification across cyber and AI

Industry relevance

  • Finance
  • Healthcare
  • Government

Frequently asked questions

Does this cover both cybersecurity and AI compliance?

Yes — that is its purpose. Many organisations treat cyber and AI governance as separate worlds and duplicate effort. We show how to run them together, mapping shared controls across ISO/IEC 27001 and ISO/IEC 42001 and meeting EU AI Act obligations within one coherent GRC approach.

Will this prepare us for ISO 27001 certification?

It will. We work through building and operating an ISMS, the controls and Statement of Applicability, and the evidence and internal-audit practices certification bodies expect, so your team is genuinely audit-ready.

We are early in our AI journey — is the AI content still relevant?

Yes. We meet you where you are, helping you understand the EU AI Act and ISO/IEC 42001 and lay the governance foundations now, before AI risk and obligations grow.

Is this aimed at technical staff?

It is aimed primarily at GRC, risk, compliance, audit, and security-leadership audiences. We run executive briefings for boards and deeper working sessions for the teams who operate the controls.

Can it be tailored to our existing frameworks?

Yes. We build the working sessions around your own risk registers, policies, and target certifications, so the programme strengthens what you already have rather than starting from scratch.
