Regulatory Compliances

We facilitate audits, develop policies, and procedures to ensure full compliance.
We start with a baseline and a pre-assessment to gather information for a gap analysis. 
We develop key performance indicator (KPI) to ensure progress and get traction for compliance.


  • ISO 27001

  • SSAE 16 SOC I and II Reporting

    • SOC 1 Type 1: A design of controls report used for evaluating and reporting on the design of controls put into operation as of a specific point in time.
    • SOC 1 Type 2: Includes the design and testing of controls to report on the operational effectiveness of controls over a defined period of time (typically six months).
    • SOC 3: A general use report that falls under the SysTrust and WebTrust seal programs, and does not contain a description of the service auditor’s test work and results.
  • Organizational policy
  • Acceptable use policy
  • Risk management policy
  • Vulnerability management policy
  • Data protection policy
  • Access control policy
  • Business continuity policy
  • Log aggregation and auditing policy
  • Personnel security policy
  • Physical security policy
  • Secure application development policy
  • Change control policy
  • E-mail policy
  • Incident response policy