FAQ

Yes. Download the redacted sample bundle on the Samples page. You can inspect the structure of a policy excerpt, the mapping workbook, the evidence checklist, implementation notes, the QA checklist excerpt, and a delivery memo excerpt.

No. Documentation supports compliance and audits, but compliance also requires implementation and operating the controls. Our packs include implementation notes and evidence cues so the work is practical, not theoretical.

We support ISO 27001, SOC 2, NIST CSF, and CIS Controls for audit and customer review readiness. We support GDPR and NIS2 through operational documentation and evidence templates that help you demonstrate what is in place. We do not provide legal advice or legal interpretation.

Minor revisions are wording and scope adjustments within the pack’s fixed artefact list. Adding a new requirement set, new artefact types, or expanding scope beyond the pack is handled as a separately scoped change request.

We only request what we need, and we do not require credentials. You can share documents using your preferred secure method. We can agree retention and deletion expectations during the call.

We map to the edition and criteria set that your auditor or customer review expects. If you have a specific version requirement, we confirm it during intake and reflect it in the mapping workbook.

You approve owners and documents, configure controls in your environment, and start collecting evidence. If you want ongoing upkeep, the Audit-Ready Care Plan provides quarterly update cycles and change logs. It is included in year 1 with Tailored Core Pack and Compliance Plus Pack, and it is optional with Express Pack.