C2C has developed a management methodology that helps IT organizations understand and refocus their efforts to the business world. This helps IT organizations gain the respect needed to be successful. The C2C methodology has been designed around ISO 38500 the latest IT Governance ISO standard and the Val-IT Framework. C2C will show you how to:

• Align IT strategy with the business strategy
• Implement cascading strategies and frameworks into the operational enterprise
• Provide organizational structures that facilitate the implementation of strategies and goals
• Implement the appropriate control framework to support IT and business goals
• Measuring IT's performance

C2C has developed and utilizes a suite of tools based on the C2C approach and methodology. These tools enable rapid assessment, measurements and management across the entire project. C2C staff are accredited as BSI approved trainers, Lead Auditors and implementers for BS 25999. In addition, C2C has held positions in large organizations and financial institutions responsible for the Disaster Recovery (DR) and BCM processes. C2C's BCP methodology has built in flexibility enabling you to easily align your organization's Business Continuity Plan to BS 25999, FFIEC, NFPA1600 and CERT with minimal effort.


Policy Mapping is the process of linking existing policies and procedures to regulations, standards and best practices. Policy mapping helps improve business process and compliance management. An effective policy mapping solution can save organizations time, cost and remediate many issues around identify compliance gaps. C2C assists compliance activities with the following approach:

• Map policies and procedures to respective Regulation(s) in a centralized, easy to use application.
• Analysis reports showing deficiencies in policies as it relates to compliance.
• Internal Assessment and Gap Analysis for each regulation leveraging a library of hundreds of pre-built automated assessments.
• Document Repository - Maintain all policies and procedures in a centralized repository.
• Policies and procedures are linked to respective Regulation(s) such that changes can be easily tracked.
• Compliance Check - Demonstrate adherence to regulations linking associated documentation and assessments to the actual requirements.

Best Practice and Standards Alignment is the process of aligning existing policies and procedures to regulations, standards and best practices. Aligning your business to best practices and standards helps to improve business process and overall corporate compliance management. An effective alignment solution can save organizations time, cost and remediate many issues around identify compliance gaps. C2C's innovative approach to aligning policies to best practices and standards creates a simplified and centralized environment that can be measured,

• Align policies and procedures to respective Best Practices and Standards in a centralized, easy to use application.
• Analysis reports showing deficiencies in policies as it relates to Best Practice and Standards.
• Internal Assessment and Gap Analysis for leveraging a library hundreds of pre-built automated best practice and standard assessments.
• Document Repository - Maintain all policies and procedures in a centralized repository.
• Policies and procedures are linked to respective Best Practice and Standards such that changes can be easily tracked.
• Compliance Check - Demonstrate adherence to Best Practice and Standards.

ITIL alignment to ISO 20000 is for companies wanting to provide a way to measure and certify that continual process improvement is occuring.

ITIL practitioners have implemented ITIL in many organizations over the years. You may think your ITIL implementation has been successful, but how do you measure completeness and ensure ongoing conformance to the processes?

Let us measure your ITIL implementation against ISO 20000 - align the results and help achieve ISO 20000 certification which provides you peace of mind, an ongoing continual improvement program and an internationally recognized certificate for ISO 20000.


C2C's innovative approach to regulations management will support the bank's compliance staff by enabling them to quickly identify, understand and remediate compliance issues. The C2C innovation covers more regulations and compliance areas than any other vendor solution. C2C can assist you with Regulatory Compliance for BSA/AML Examination Manual, FFIEC Examination Workbooks, Credit, CRA/HMDA, Deposits, Bank Operations, Privacy including GLBA, NDIP.

• Map policies and procedures to respective Regulation(s)in an easy to see interface
• Analysis reports showing deficiencies
• Internal Assessment and Gap Analysis for each regulation - C2C has pre-built banking regulations assessments for use by an easy to use assessment tool.
• Document Repository - C2C's custom built tool (Compliance Mapper) enables organizations to maintain all policies and procedures in a centralized repository linked to the respective Regulation(s).
• Compliance Check - Compliance Mapper also enables you to demonstrate adherence to regulations linking associated documentation and assessments to the actual requirements.

Governance, Risk and Compliance has many deviations. These include legal, audit, Sarbanes Oxley, GLBA, HIPAA, insurance and more. The diversity of requirements has been something vendors have struggled with until now. Many vendors have tried to reduce the overall emphasis by offering compliance solutions based purely on technology or on regulations and standards that fall outside of the jurisdictional borders of where they are in the world. These vendors combine controls into a unified framework that are not understood or approved by governmental agencies, standards bodies or laws of the land. These issues can derail any initiative and cost organizations significant amounts of money and resources without improved results. The Consult2Comply (C2C) approach will ensure the following questions are answered and a strategy is defined and implemented seamlessly;

• How do I link Environmental standards with IT standards? How do I correlate this across the organization? What happens if something changes?
• How do I link my policies and procedures?
• How do I know who to train?
• Are my projects being run effectively?
• Do I have policies implemented that contradict each other?
• What do I do when a new requirement develops? How do I integrate this into my existing framework?

If you have a Risk, Governance or Compliance question or issue and want to seek expert advice, please contact us for more information.