BastionSec
Standards

The standards, explained without the hype.

Informational guides to ISO 27001, SOC 2, ISO 42001 and GDPR: what each one is, how it works, what it takes, typical timelines and costs. No selling: understand first, then decide.

  • Certification (ISO) vs attestation (SOC 2): the difference, explained well.
  • GDPR is law, not a certification: there's no “GDPR certificate”.
  • Honest timelines and firm boundaries: we support you, we don't certify you.

The standard guides

Informational pages to understand each framework. When you're ready to act, each guide links to the related service.

ISO/IEC 27001

The international standard for information security management systems (ISMS). What it is, the 93 Annex A controls, the certification process, timelines and costs.

Read the guide

SOC 2

The AICPA attestation report (not a certification). Trust Services Criteria, Type I vs Type II, the observation period: the trust signal the US market expects.

Read the guide

ISO/IEC 42001

The first certifiable standard for an AI Management System (AIMS). What it is, how it relates to the EU AI Act (and how it doesn't overlap), requirements and timelines.

Read the guide

GDPR

Regulation (EU) 2016/679: principles, legal bases, data subject rights, fines and extraterritorial reach. It's law, not a certification.

Read the guide

Frequently asked about standards

What's the difference between the Standard pages and the Services pages?

Standard pages explain what a standard is and how it works. Services pages say what we do to get you there. To understand, start with Standards; to do it, start with Services.

Are certification and attestation the same thing?

No. ISO 27001 and ISO 42001 are certifications, issued by an independent accredited body. SOC 2 is an attestation: a report signed by a CPA. GDPR is neither: it's law.

Which standard do I need?

It depends on your market and trigger: ISO 27001 carries weight in the EU and globally, SOC 2 in the US, ISO 42001 if you run AI, GDPR if you process EU residents' data. Write to us and we'll clarify it together.

Figured out what you need? Let's do it together.

Write to us and we'll turn theory into a concrete path.