Modular offerings you can mix and match. People-led, tool-assisted.
ISMS scope, context, risk method, risk register, treatment plan, SoA, and policy set aligned to 2022.
Control-by-control sampling, evidence checks, corrective action requests (CARs), and re-tests.
Objectives/KPIs, risk posture, audit results, and improvement plan in a board-ready deck.
Annex A alignment for cloud keys, secrets, pipelines, and access control; practical control owners and run-books.
Tickets, change logs, configs, screenshots—collected continuously and QA’d by humans.
Liaison with the Certification Body (CB): readiness checks, pre-audit dry-run, corrective action tracking.