GRC & Information Security Advisory
Independent GRC consulting and external audit services for organisations navigating ISO 27001, SOC 2, PCI-DSS, DPDP, GDPR, HIPAA and COBIT — with 20+ years of practitioner experience.
Why Teluge Consulting
01 —
Every recommendation comes from real audit experience across IT services, banking, and fintech — not textbooks. We've sat on both sides of the audit table.
02 —
Structured implementation support that maps directly to auditor expectations. We build ISMS, BCMS, and QMS programmes that survive Stage 2 scrutiny.
03 —
As an independent consultancy, our only obligation is to your organisation's genuine compliance posture, not to certification bodies or tool vendors.
Who We Are
Teluge Consulting was founded on a simple premise: organisations deserve compliance guidance from someone who has actually done the work — not just read the standards. Every engagement draws on 20+ years spanning QA management, information security implementation, and certification auditing.
2023 — Present
ISO 27001, ISO 9001, ISO 22301 implementation and certification audits for IT services, banking and fintech clients. SOC 2 and PCI-DSS advisory.
2018 — 2023
Led ISO 27001:2013 and ISO 9001:2015 implementations. Managed quality assurance programmes across software delivery teams.
2005 — 2018
14-year foundation in software quality assurance across enterprise IT projects.
Ongoing
Research focus on GRC automation and scalable compliance programme management.
Whether you're preparing for ISO 27001 certification, responding to a SOC 2 request, or navigating India's DPDP Act — let's talk through your situation in a no-obligation call.
What We Do
From gap assessments to certification readiness to external auditing — end-to-end GRC support calibrated to your organisation's size and risk profile.
— 01
Full ISMS design and implementation — from gap analysis through risk assessment, Annex A control selection, policy development, Statement of Applicability, and certification audit preparation. We structure the programme so it can be maintained and operated by your internal team post-certification.
— 02
Type I and Type II readiness across all five Trust Service Criteria — Security, Availability, Processing Integrity, Confidentiality, and Privacy. Control mapping matrices, evidence collection frameworks, and auditor liaison support throughout the assessment period.
— 03
Assessment and remediation aligned to PCI-DSS v4.0 requirements. Cardholder data environment scoping, SAQ selection and guidance, gap remediation planning, and evidence preparation for SAQ completion or QSA-led assessments.
— 04
Data privacy compliance for Indian organisations navigating DPDP Act 2023, with cross-border obligations under GDPR or HIPAA. Privacy impact assessments, data inventory and mapping, consent framework design, and policy development aligned to ISO 27701 (PIMS).
— 05
BCMS design and implementation — Business Impact Analysis, BCP and DRP documentation, exercise and testing programmes, and certification audit support aligned to ISO 22301:2019.
— 06
Stage 1 and Stage 2 certification audits, surveillance audits, and recertification audits conducted as a contract auditor under an accredited certification body. We also offer independent pre-certification audits to identify gaps before your formal assessment. ISO certificates are issued by the certification body, not by Teluge Consulting.
— 07
Selection, configuration, and rollout of GRC management platforms — translating your compliance programme into structured, auditable, and automated workflows. From spreadsheet-based programmes to enterprise GRC tooling, we bridge the gap between framework requirements and platform capabilities, ensuring controls, risks, and evidence are mapped correctly from day one.
— 08
Independent VAPT services to identify, validate, and prioritise security vulnerabilities across your networks, web applications, APIs, and infrastructure. Our assessments go beyond automated scanning: every finding is manually validated, contextualised against your specific risk environment, and mapped to clear remediation actions your team can execute. Reports are structured for both technical teams and executive management, and are accepted as evidence of security testing by ISO 27001 auditors (Annex A control 8.8, management of technical vulnerabilities), SOC 2 auditors, and PCI-DSS v4.0 assessors (Requirement 11.3, vulnerability scanning, and Requirement 11.4, penetration testing). We also offer remediation verification retests to confirm fixes before your certification audit.
A 30-minute call is usually enough to map your situation to the right engagement type and give you a realistic timeline and cost estimate.
Who We Are
Teluge Consulting is an independent GRC advisory firm based in Kerala, India — founded on the belief that organisations deserve practical compliance expertise, not just standards documentation.
Our Story
Rajith Sudhakaran founded Teluge Consulting after 18 years building quality assurance and information security programmes from within organisations — including five years as QA Manager leading ISO 27001:2013 and ISO 9001:2015 implementations at an IT services firm.
The transition into independent GRC consulting came from a clear gap in the market: most compliance engagements were being led by consultants who knew the standards but had never managed an audit, never had a nonconformity raised against their own work, and had never operated an ISMS through its full surveillance cycle.
Teluge Consulting exists to fill that gap. Every client engagement draws directly on 20+ years of real implementation and audit experience — including conducting Stage 1 and Stage 2 certification audits as an external auditor.
The firm works with mid-market IT companies, SaaS startups, and financial institutions across India, with a growing focus on DPDP Act 2023 compliance for organisations with international data obligations.
Our Philosophy
We design every implementation as if we were the auditor reviewing it — because often, we are.
A 50-person SaaS company doesn't need the same ISMS as a 5,000-person bank. We calibrate accordingly.
We recommend tools when they genuinely help. We don't earn referral fees from GRC platform vendors.
Our goal is a client team that can maintain the programme independently — not one that needs us every year.
Credentials
No sales pitch. Just a frank 30-minute conversation about where you are, where you need to be, and the most practical path between the two.
Insights
Articles, guides, and implementation notes written by a practising GRC consultant and external auditor — for compliance managers, CISOs, and IT leaders.
All Articles
ISO 27001:2022 · Auditing
A frank breakdown of what separates a passed certification audit from a minor nonconformity — based on real audit experience across IT services and banking sectors.
Data Privacy · DPDP
What you can reuse from your existing GDPR programme, and the specific gaps DPDP introduces that most Indian organisations are missing.
SOC 2 · Readiness
Trust Service Criteria mapped to practical controls, with a week-by-week timeline that avoids last-minute evidence scrambles.
PCI-DSS v4.0
The key changes explained — what's mandatory now, what has a future deadline, and how to sequence your remediation without disrupting operations.
Get in Touch
A 30-minute conversation is usually enough to understand your situation and give you a realistic sense of scope, timeline, and cost — at no obligation.
Contact Details
Typical Response Time
We typically respond to email and WhatsApp enquiries within 4 hours on business days. For urgent matters, please call directly.
Tell us a little about your organisation and what you're working on. We'll respond within one business day.
For urgent matters call +91-98465-34347.