Sam McNicholls-Novoa on CyberComply

Making compliance easy with our Cloud-based solution

CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws, including ISO 27001, the GDPR (General Data Protection Regulation), and more.

This SaaS (Software as a Service) will help you manage all your cyber security and data privacy obligations in one place. You will gain immediate visibility into critical data and key performance indicators, and stay ahead of regulatory changes.

Recently, CyberComply has seen some major updates. But we’re not done yet – the development team is working hard behind the scenes on a range of new features.

To find out more, we’re sitting down with Sam McNicholls-Novoa for a chat.

Could you tell us a bit about what you do for the Group?

Sure. I’m Sam, and I’m the product marketing manager for CyberComply. I work closely with our customer success team, product owner, developers and executives to create a product-led strategy for our software.

I’m responsible for improving the customer onboarding experience, carrying out competitor research and for the ongoing development of our go-to-market plan. I also work on data analytics, design and web development projects.

Why should organisations choose CyberComply?

We want to make compliance easy for our customers. They can stay focused on their core business while we help them build operational excellence.

Essentially, we want to help them put the highest standards of cyber security and data protection in place, so they can build trust with their customers, partners and other stakeholders, but without the typical burdens that come with compliance.

More than that, our platform isn’t limited to ISO 27001, or even a handful of standards and regulations. It can help organisations meet a very large range of requirements, including but not limited to:

  • International standards, including ISO 9001, ISO 14001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701 and ISO 31000;
  • UK standards and regulations, including Cyber Essentials, the UK GDPR, the NIS Regulations and the DSP Toolkit;
  • EU standards and legal requirements, including the EU GDPR, Europrivacy™/®, DORA and NIS 2; and
  • US laws and frameworks, including HIPAA, the NIST CSF, the NYDFS Cybersecurity Regulation, SOC 2, the CMMC, the new SEC rules on cyber security, various US breach reporting and privacy regulations, and many more.

Our research has found that a typical medium-sized organisation must comply with at least six different regulations.

With that in mind, because we cover so many different requirements – and our database will only continue to expand – users don’t have to look elsewhere if they initially come to us for just ISO 27001 support, for example. They can stay on the same platform as they add more and more frameworks, all the while continuing to focus on their core business activities.

The cyber landscape is famously a fast-paced one. How do you help customers keep up with it, while making sure that compliance remains easy?

We’re continuing to add frameworks as new ones are released. But more importantly, when an existing standard or regulation on our platform is updated, we are quick to update CyberComply too – like we did for the 2022 version of ISO 27001.

Basically, when the landscape changes, so do we. We’re committed to keeping our clients up to date, helping them maintain their compliance while also continually improving their security posture.

Another obvious example is AI. This new technology has exploded this year, which has huge implications for the security and privacy landscape. No doubt, this will lead to new regulations to further complicate the landscape.

In fact, we’re already seeing early signs of this: the recent deal between the European Council and European Parliament on harmonised AI rules, for example. Or the joint guidelines for secure AI system development released by the UK NCSC [National Cyber Security Centre] and US CISA [Cybersecurity and Infrastructure Security Agency] at the end of November.

What else makes CyberComply special?

It sits under GRC International Group, the parent company of Vigilant Software and IT Governance. This makes us uniquely positioned as a one-stop shop, allowing customers to come to one place to meet all their GRC [governance, risk and compliance] needs, ranging from software, to books, training courses, consultancy services, and more. The Group as a whole is committed to making compliance as easy and cost-efficient as possible.

In fact, CyberComply has been expanding to help make compliance even easier for customers. For instance, we recently integrated DocumentKits, the platform that hosts our documentation toolkits, with CyberComply. So now, when someone purchases a CyberComply subscription, they also automatically get access to all our toolkits.

What other new features can we expect?

We’re looking to integrate several of the Group’s other offerings into CyberComply, including:

  • Our elearning platform;
  • Our Cyber Essentials portal;
  • A book subscription model; and
  • A portal for reports, to support consultancy engagements.

We’re planning a lot more than that, but that should give you a good sense of how we’re making CyberComply a true one-stop shop, where organisations can meet all their GRC needs.

What’s the next stage in your roadmap?

Our development team is working on completing our end-to-end solution for ISO 27001. CyberComply already offers tools for risk assessment, asset management, documentation management and incident management. To complete the set, we’ll be releasing a gap analysis tool, an audit manager, and additional tools to make it easier for team members involved in an ISMS [information security management system] to collaborate.

Beyond that, we’re also completing our end-to-end solution for GDPR compliance, plus we hope to launch new solutions for DORA, Europrivacy and possibly the new SEC cyber security rules within the next six months. Within the next 12 months, we hope to start working on solutions for the CMMC, SOC 2, the DSP Toolkit, the CPRA and HIPAA.

In the near future, we’re hosting a launch event, which we’ll be sharing more details on in due course. But for now, I strongly recommend giving CyberComply a go – you can try it out for free!
Make compliance with cyber security requirements and data privacy laws simple and affordable:

  • Reduce dependence on individuals: put your trust in CyberComply.
  • The number one software for GDPR compliance.
  • Reduce data security risks with agility and efficiency.