Standards-aligned automation and configuration for Governance, Risk, Compliance, IT Operations, and Business Continuity
Organisation Service Management (OSM) is a framework, methodology, and set of tools for aligning organisational governance, risk, compliance, IT operations, and business continuity into a cohesive system.
We build open, modular, and standards-aligned solutions that help organisations achieve:
- ISO/IEC 27001:2022 Information Security Management
- ISO/IEC 27002:2022 Information Security Controls
- ISO 22301:2019 Business Continuity Management
- ACSC ISM & Essential Eight uplift
- Trusted Service Criteria and other regulatory/compliance mandates
OSM is an automation and configuration suite that integrates:
- Governance, Risk, and Compliance (GRC)
- IT operations and service management
- Vendor and dependency management
- Strategic objectives, enterprise reporting, and risk management
It uses a configuration-as-code approach to ensure:
- Repeatability
- Auditability
- Alignment to international standards
- Full tenant ownership and portability (no vendor lock-in)
Organisations today face duplicated, fragmented, and manual processes across compliance, risk, and IT service management. OSM:
- Automates manual repetition (e.g. βfor all X with Y, conduct Zβ)
- Centralises and reconciles data from cloud, endpoint, and service providers
- Provides executive visibility through structured reporting
- Helps organisations evidence compliance and certification efficiently
- GRCosm β Information Security & Risk Management (ISO 27001 aligned)
- HRosm β People, Roles, Training, and Competence Management
- VLNosm β Vendor and Third-Party Management
- CMosm β Configuration and Change Management
- OSM Orchestrator β Automation, scheduling, synchronisation, and disaster recovery support
- Small to medium technology businesses without dedicated security or risk teams
- Service providers and registrars under ISO 27001, ACSC ISM, or auDA compliance requirements
- Organisations integrating with Atlassian, Microsoft 365, AWS, Azure, PagerDuty, Tenable, Intruder.io, and other tooling
Unlike traditional GRC/IRM tools (e.g. ServiceNow, Archer, Vanta):
- OSM integrates with your existing stack rather than replacing or adding to it
- Is agnostic and customer-controlled β your tenancy, your data
- Includes an OSM Guardian consultant model for deployment, maintenance, and accreditation support
This GitHub organisation hosts:
- Core schemas and configuration templates
- Reference implementations
- Connectors and orchestrators
- Documentation and knowledge artefacts
We welcome collaboration with organisations, auditors, and practitioners who want to streamline compliance and operations without unnecessary complexity, contact tech@osm.dev for more information.