Services
Fixed-scope engagements for every stage of your compliance journey.
From a first gap assessment to full audit readiness and ongoing fractional security leadership — each engagement is scoped to the framework your customers and contracts actually require.
SOC 2 Gap Assessment
A full evaluation of your current controls against the SOC 2 Trust Service Criteria, with a prioritized roadmap for what to fix before you engage an auditor.
What’s included
- Control-by-control evaluation against Trust Service Criteria
- Documented findings mapped to each control
- Prioritized remediation roadmap
- Auditor-readiness scoring
SOC 2 Readiness Program
Complete preparation for your Type I or Type II audit — policy development, control implementation, evidence collection, and direct coordination with your auditor.
What’s included
- Policy and procedure development
- Control implementation support
- Evidence collection system setup
- Auditor selection and coordination
ISO/IEC 27001 Readiness
Certification readiness for the internationally recognized information security management system standard — built for companies selling into global and regulated markets.
What’s included
- ISMS scope definition and risk assessment
- Statement of Applicability (SoA) development
- Control implementation against Annex A
- Internal audit and certification body coordination
ISO/IEC 42001 (AI Management Systems)
Readiness for the AI management system standard enterprise buyers are starting to require from vendors building AI-enabled products — covering risk management, data governance, and responsible AI controls.
What’s included
- AI system inventory and risk classification
- AI Management System (AIMS) documentation
- Control mapping for data governance and model risk
- Readiness assessment ahead of certification
HIPAA Gap Assessment
Identify gaps in your HIPAA Security Rule compliance before a covered entity asks for evidence — or before an audit uncovers them for you.
What’s included
- Security Rule control evaluation
- Business Associate Agreement (BAA) review
- Risk analysis documentation
- Remediation roadmap
FedRAMP Gap Assessment
Readiness evaluation for federal government cloud authorization — identifying control gaps against NIST SP 800-53 before you engage a 3PAO.
What’s included
- Control baseline evaluation (Low, Moderate, or High)
- System Security Plan (SSP) gap review
- Remediation roadmap ahead of 3PAO assessment
- Authorization pathway guidance
CMMC Readiness & Advisory
Gap assessment, System Security Plan, and POA&M support for DoD supply chain manufacturers preparing for CMMC Level 2 — including Mexico’s aerospace manufacturing corridor.
What’s included
- NIST SP 800-171 control gap assessment
- System Security Plan (SSP) and POA&M development
- Policy development and evidence collection support
- Remediation roadmap prioritized by contract risk
vCISO Retainer
Fractional CISO leadership for companies that need senior security guidance without the cost of a full-time hire — activating any of the frameworks above as needed.
What’s included
- Vendor security assessment response
- Board and leadership reporting
- Security program strategy and roadmap
- On-demand access for audits and incidents
Not sure which framework you need?
A 30-minute call is enough to map your customers’ requirements to the right starting point.