@OrganisationServiceManagement

OSM

Aligning operations with objectives

Organisation Service Management (OSM)

Standards-aligned automation and configuration for Governance, Risk, Compliance, IT Operations, and Business Continuity


Organisation Service Management (OSM) is a framework, methodology, and set of tools for aligning organisational governance, risk, compliance, IT operations, and business continuity into a cohesive system.

We build open, modular, and standards-aligned solutions that help organisations achieve:

  • ISO/IEC 27001:2022 Information Security Management
  • ISO/IEC 27002:2022 Information Security Controls
  • ISO 22301:2019 Business Continuity Management
  • ACSC ISM & Essential Eight uplift
  • Trusted Service Criteria and other regulatory/compliance mandates

🔹 What is OSM?

OSM is an automation and configuration suite that integrates:

  • Governance, Risk, and Compliance (GRC)
  • IT operations and service management
  • Vendor and dependency management
  • Strategic objectives, enterprise reporting, and risk management

It uses a configuration-as-code approach to ensure:

  • Repeatability
  • Auditability
  • Alignment to international standards
  • Full tenant ownership and portability (no vendor lock-in)

🔹 Why OSM?

Organisations today face duplicated, fragmented, and manual processes across compliance, risk, and IT service management. OSM:

  • Automates manual repetition (e.g. “for all X with Y, conduct Z”)
  • Centralises and reconciles data from cloud, endpoint, and service providers
  • Provides executive visibility through structured reporting
  • Helps organisations evidence compliance and certification efficiently

🔹 Key Modules

  • GRCosm – Information Security & Risk Management (ISO 27001 aligned)
  • HRosm – People, Roles, Training, and Competence Management
  • VLNosm – Vendor and Third-Party Management
  • CMosm – Configuration and Change Management
  • OSM Orchestrator – Automation, scheduling, synchronisation, and disaster recovery support

🔹 Who is OSM for?

  • Small to medium technology businesses without dedicated security or risk teams
  • Service providers and registrars under ISO 27001, ACSC ISM, or auDA compliance requirements
  • Organisations integrating with Atlassian, Microsoft 365, AWS, Azure, PagerDuty, Tenable, Intruder.io, and other tooling

🔹 Our Difference

Unlike traditional GRC/IRM tools (e.g. ServiceNow, Archer, Vanta):

  • OSM integrates with your existing stack rather than replacing or adding to it
  • OSM is agnostic and customer-controlled – your tenancy, your data
  • OSM includes an OSM Guardian consultant model for deployment, maintenance, and accreditation support

🚀 Get Involved

This GitHub organisation hosts:

  • Core schemas and configuration templates
  • Reference implementations
  • Connectors and orchestrators
  • Documentation and knowledge artefacts

We welcome collaboration with organisations, auditors, and practitioners who want to streamline compliance and operations without unnecessary complexity. Contact [email protected] for more information.

Pinned

  1. M365PowerKit Public

    PowerShell module for Microsoft 365 / Entrata API and related Microsoft Cloud service automation tasks. Tasks primarily relate to maintenance, monitoring, and data retrieval for proactive maintenan…

    PowerShell 1

  2. AtlassianPowerKit Public

    Atlassian Cloud PowerShell module with handy functions for interacting with Atlassian Cloud APIs.

    PowerShell 1

  3. schema.osm.dev Public

    The authoritative JSON Schema definitions for Organizational Security Management (OSM). Hosted at schema.osm.dev, these schemas define entities, activities, and events within the OSM framework to e…
