Compliance Readiness

The compliance program your enterprise clients are asking for.

60–90 days to a deal-ready security posture. SOC 2, ISO 27001, GDPR, PIPEDA, and PCI DSS — delivered as a fixed-fee engagement with a senior team that has shipped this dozens of times.

"My client can't move forward because of their security requirements" — that's what we solve.

The 60–90 day program

What you get inside one quarter.

Week 1–2

Audit-ready policies

32-policy library, customised to your operations and stack.

Week 3–6

Evidence collection automated

Hooks into AWS, GCP, Azure, GitHub, Okta. Daily evidence captured continuously.

Week 7–10

Dry-run audit

Mock audit by a former Big-Four assessor. Findings closed before the real one.

Week 11–13

Auditor introduction

Warm intro to one of three audit firms we trust. Fixed-fee, no surprises.

Frameworks

Five frameworks. Shared controls.

Evidence collected for SOC 2 supports ISO 27001. GDPR overlaps with PIPEDA. We don't redo the work — we operate the overlaps.

Figure: Venn-style diagram of the five frameworks ThinSky supports (SOC 2 Type II, ISO 27001, GDPR, PIPEDA, PCI DSS); the overlapping regions represent shared controls, so evidence collected for one framework supports the others.

Timeline

When does what happen.

  • SOC 2 Type I: 3–6 months
  • SOC 2 Type II: 9–18 months (12-month evidence period)
  • ISO 27001: 6–12 months
  • GDPR / PIPEDA: 2–4 months
  • PCI DSS SAQ-A: 4–8 weeks

What's automated vs manual

Most of it runs itself.

Automated

  • Daily evidence collection
  • Access reviews (quarterly auto-prompt)
  • Vendor risk monitoring
  • Vulnerability scanning & SLA tracking
  • Policy distribution & sign-off
  • Pen-test scheduling

Manual (us)

  • Risk assessment workshops
  • Policy customisation
  • Auditor liaison
  • Incident-response tabletops
  • Executive readouts

Get the program started.

30-min readiness consult — we map your gaps, you walk away with a plan even if you don't hire us.