
Compliance Advisory

ISO 27001/27701, RBI NBFC mappings, SOC 2 readiness, PCI DSS scoping — delivered with playbooks, evidence, and audit handover.

NIST • ISO 27001/27701 • SOC 2 • RBI (NBFC) • PCI DSS • CIS

Where we help

ISO 27001 ISMS build

Scope, risk & SoA, policies, internal audit

SOC 2 readiness

Scope & gap, policy kit, evidence, audit coordination


ISO 27701 & Privacy

DPIAs, data maps, processor controls

RBI NBFC

RBI↔ISO mapping, VA/PT cadence, audit prep

PCI DSS scoping

Data flows, scope reduction, logging/retention

AI / ISO 42001 mapping

AIMS governance, policy & risk


Third-party risk? See V-ROC.

How we work

  1. Discover & scope: Systems, data, locations
  2. Assess gaps: Design & operating effectiveness
  3. Remediate: Policies, controls, tooling
  4. Implement & evidence: Artifacts, KRIs, dashboards
  5. Internal audit / readiness: Dry run before audit
  6. Audit handover: Support up to certification

Typical SOC 2 Type 1 readiness: ~30–45 days (organisation-dependent).

What you’ll get

  • Policy set & Statement of Applicability
  • Risk register, KRIs & dashboards
  • Control matrix & framework mappings
  • Evidence pack templates
  • Runbooks & onboarding checklists
  • Executive summary & roadmap

Packages

Starter
  • Single framework
  • Policy kit
  • Basic evidence templates
Growth
  • 1–2 frameworks
  • Remediation guidance
  • Internal audit
Enterprise
  • Multi-framework mapping
  • Audit support
  • Dashboards

FAQs

Can you work with our auditor?

Yes — including our CPA partner for SOC 2, or your existing auditor.

Do you sign NDAs?

Yes — same-day in most cases. Email us and we’ll countersign promptly.

Can we start with a gap assessment only?

Yes — fixed-scope gap assessments are available and can roll into remediation.

Do you provide policies?

Yes — tailored policy sets mapped to control objectives and your environment.

How do you handle multi-framework mapping?

We maintain a common control library across frameworks to minimise duplicate work.

NDA friendly. Serving NZ, Australia, India & the Pacific.