Governance, Risk & Compliance
Governance frameworks, control design, and certification readiness that withstand external audit.
Who it's for
Boards and executives who need defensible assurance, and teams preparing for a certification or a customer-driven audit.
What's delivered
- Certification readiness for ISO/IEC 27001:2022 and SOC 2 Type 2
- Control framework mapped to your obligations, not a generic checklist
- Policy and standards set that people will actually follow
- Gap assessment with a prioritised, costed remediation roadmap
- Audit liaison and evidence management through to certification
Proof point
Led ISO/IEC 27001:2022 and SOC 2 Type 2 attainment at one of New Zealand's largest technology organisations.
Let's talk about your security programme
Considering a vCISO, a security strategy and architecture, a SOC uplift, an AI assurance review, or a secure web build? Get in touch. The first conversation is on the house.