Risk Management & Compliance Services

Identifying potential risks to your operations

Driving Value out of Your Security Investments

GraVoc helps your organization maximize the value of its security investments and ensure compliance with federal, state, and industry regulations. Our goal is to help you identify both potential risks and mitigation strategies.

Risk Management & Compliance Services Include:

Risk Assessment Services

GraVoc provides a variety of risk assessment services that help clients make decisions regarding their IT infrastructure, their controls over sensitive information, and risk/reward propositions regarding overall operational risk. GraVoc also assists clients in assessing risk surrounding specific processes, operational changes, or new service offerings. GraVoc’s risk assessment process identifies risk domains to quantify inherent risk, then evaluates the strength of the controls in place at the organization and the controls’ ability to mitigate risks to an acceptable level.

Many of the risk assessment services GraVoc assists with are used as the planning phase for a new product or service offering. Like the products and services of our clients, the scope and methodology of our risk assessment services are under constant revision to keep abreast of new challenges and opportunities. We work directly with our clients to streamline the data collection and reporting process so that we can focus our attention on analysis and drive maximum value from the risk assessment process.

The most common risk assessments GraVoc performs are the IT risk assessment and the customer information risk assessment, both required for financial institutions under the Gramm-Leach-Bliley Act (GLBA). However, GraVoc’s risk assessment services have also included the following: Operational/Enterprise Risk Assessment, Multifactor Authentication, VPN/Remote Access, ACH, Merchant Card/Terminal Processing, Virtualization or Virtual Environment, System Conversion, Remote or Mobile Deposit Capture.

Social Engineering Testing Services

In many instances, the most significant threat surrounding an organization’s confidential information stems from the people chosen to both use and protect it. GraVoc’s Social Engineering Services are designed to simulate actual attacks by executing the same methodologies used by attackers.

In effect, test participants gain exposure to and a better understanding of social engineering tactics without the harmful repercussions and damaging results of real-life attacks. After attempting a social engineering attack, GraVoc documents the observed results and provides the client with a report that includes recommendations and training plans.

Among the most common social engineering services demonstrated by GraVoc are: 

  • Phishing Services
  • Physical Breach
  • Pretext Calling
  • Pretext Mailer

Security Awareness Training & Program Development Services

A large challenge facing businesses of all sizes is the ability to properly protect confidential information. Particularly after the enactment of the Massachusetts Privacy Law, it is necessary for all organizations to have an information security program in place. GraVoc can assist at all levels of program development, from helping construct an information security policy, to improving existing policies, to training employees on adherence to information security best practices. GraVoc has performed and documented training exercises for employees and board members on a variety of information security topics.

Digital Forensics & Incident Report Services

Part of an effective information security program is an organization’s ability to respond quickly and thoroughly to potential data breaches. GraVoc assists businesses in assessing whether a data breach or inappropriate use of IT resources has taken place by analyzing reports and audit trails with a series of forensic tools. GraVoc provides a report with findings, recommendations for remediation, and ways by which a similar incident can be prevented.

Disaster Recovery/Business Continuity Planning Services

At GraVoc, we work with our clients at all stages of the disaster recovery and business continuity planning process. Whether they are starting from nothing or looking to revive an outdated or insufficient plan, our clients can rely on our experience and proven methodology to guide their effort. GraVoc representatives work directly with management, department heads, process owners, and other key stakeholders to build a comprehensive disaster recovery and business continuity plan.

Once complete, GraVoc will assist in conducting enterprise-wide training and testing of the DR/BCP strategy, providing all the necessary documentation for auditors and examiners at the conclusion of each session. In effect, our clients can be certain that operational, regulatory, reputational, and other risks stemming from this area have been properly addressed.

GraVoc’s Disaster Recovery Planning services and Business Continuity Planning services also provide clients with consulting on establishing and designing an effective and efficient data backup strategy that will protect information during a disaster and limit service delays.

Among the services provided in this area are:

  • DR/BCP Gap Analysis
  • DR/BCP Development
  • DR/BCP Training
  • DR/BCP Testing
  • Pandemic Event Training & Testing



We are proud to have been awarded the “Best of” award by Banker & Tradesmen for our Risk Management & Compliance and Information Security services.

Banking Consultant

Gold – 2017, 2018
Silver – 2016

Auditors, Gold

2011, 2015

Banking Technology

Gold – 2017
Silver – 2015, 2016


Risk Management & Compliance Service Area

GraVoc is located in Peabody, Massachusetts, just north of Boston, and provides Information Security services including Risk Management and Compliance services, Disaster Recovery services, Business Continuity Planning services, Social Engineering services, Risk Assessments, Security Awareness Training and Digital Forensics services to businesses and organizations in the New England area. GraVoc’s Information Security employees hold certifications in CCNA Security, CISM, CISA, CRISC, C|EH, CISSP, and E|CIH. Below is a list of our Massachusetts and New Hampshire service areas. GraVoc also provides Information Security services in Connecticut, Maine, Rhode Island and Vermont, but is not limited to these states.

Massachusetts Risk Management & Compliance Service Area:

Acton, Amesbury, Andover, Arlington, Ashby, Ashland, Ayer, Bedford, Belmont, Beverly, Billerica, Boston, Boxborough, Boxford, Burlington, Cambridge, Carlisle, Chelmsford, Chelsea, Concord, Danvers, Dracut, Dunstable, East Boston, Essex, Everett, Framingham, Georgetown, Gloucester, Groton, Groveland, Hamilton, Haverhill, Holliston, Hopkinton, Hudson, Ipswich, Lawrence, Lexington, Lincoln, Littleton, Lowell, Lynn, Lynnfield, Malden, Manchester by the sea, Marblehead, Marlborough, Maynard, Medford, Melrose, Merrimac, Methuen, Middleton, Nahant, Natick, Newbury, Newburyport, Newton, North Andover, North Reading, Peabody, Pepperell, Reading, Revere, Rockport, Rowley, Salem, Salisbury, Saugus, Sherborn, Shirley, Somerville, Stoneham, Stow, South Boston, Sudbury, Swampscott, Tewksbury, Topsfield, Townsend, Tyngsborough, Wakefield, Waltham, Watertown, Wayland, Wenham, West Newbury, Westford, Weston, Wilmington, Winchester, Winthrop and Woburn.

Our Massachusetts Risk Management & Compliance Service Area Also Includes: Barnstable County, Berkshire County, Bristol County, Dukes County, Franklin County, Hampden County, Hampshire County, Nantucket County, Norfolk County, Plymouth County and Worcester County.

New Hampshire Risk Management & Compliance Service Area:

Amherst, Andover, Atkinson, Auburn, Boscawen, Bow, Bradford, Brentwood, Candia, Canterbury, Chester, Concord, Danbury, Danville, Deerfield, Derry, Dunbarton, East Kingston, Epping, Epsom, Exeter, Franklin, Fremont, Greenland, Hampstead, Hampton Falls, Hampton, Henniker, Hill, Hooksett, Hopkinton, Kensington, Kingston, Loudon, Lyndeborough, New Castle, New London, Newbury, Newfields, Newington, Newmarket, Newton, Northfield, North Hampton, Northwood, Nottingham, Pembroke, Pittsfield, Plaistow, Portsmouth, Raymond, Rye, Salem, Salisbury, Sandown, Seabrook, South Hampton, Stratham, Sutton, Warner, Webster, Wilmot and Windham.

Our New Hampshire Risk Management & Compliance Service Area Also Includes: Hillsborough County, Rockingham County and Cheshire County.

Information Security News

IRS Issues Warning Against Unusual Phishing Scheme

The Internal Revenue Service is warning taxpayers of an unusual phishing scheme that is going around this tax season. Using stolen data obtained by tax professionals, criminals are filing fraudulent tax returns and depositing them into actual taxpayers’ bank accounts.


Have a question or want to discuss our Risk Management & Compliance services? Contact a GraVoc employee below by filling out the form!
