Aegix

Compliance

ISO 27001 and SOC 2, engineered not papered.

From first gap assessment to attestation, we run readiness programs that make audits boring — and leave your engineering team with controls they actually run.

The brief

What this engagement is — and isn't.

Aegix runs ISO 27001 and SOC 2 readiness as an engineering program, not a documentation exercise. Our lead auditors sit beside your platform team, instrument the controls in your existing tooling (GitHub, AWS, Okta, Linear), and produce evidence pipelines that survive long after the auditor leaves.

Outcomes

What you walk away with.

Audit-ready in 90–120 days

Typical greenfield programs reach Type I attestation in one quarter, Type II twelve months later — measured.

Controls wired to your tooling

Evidence flows from GitHub, AWS, Okta, MDM, and your ticket system — not from spreadsheets your team will abandon.

Auditor liaison included

We coordinate with your chosen CPA / certification body so engineering hours aren't burned on audit theatre.

Process

How an engagement runs.

  1. Gap assessment

    Two-week sprint mapping current controls to ISO 27001 Annex A or SOC 2 Trust Services Criteria with severity-ranked gaps.

  2. Control engineering

    Policies, technical controls, and evidence pipelines built in your existing stack with named owners per control.

  3. Internal audit

    Full dry-run by our lead auditor before the external one arrives — every finding fixed before the real audit.

  4. Attestation & continuous compliance

    Liaison with the external auditor and quarterly evidence reviews so Year 2 is incremental, not a restart.

In scope

Coverage

  • ISO/IEC 27001:2022 readiness and certification
  • SOC 2 Type I and Type II
  • Mappings to HIPAA, GDPR, DORA, NIS2
  • Vendor and third-party risk programs
  • Policy library tailored to your stack

You receive

Deliverables

  • Gap report with severity-ranked findings
  • Risk register and Statement of Applicability
  • Policy and procedure pack (engineering-friendly)
  • Evidence automation in your existing tools
  • Pre-audit internal audit report

Scope your compliance engagement.

One 45-minute scoping call. Named lead engineer assigned within one business day.
