Golonex

vCISO-Led

An ISMS that holds up — and the evidence to certify it.

ISO 27001 is the foundation everything else builds on, and the credential your customers and regulators already understand. We build a security management system that’s real, not paper — assemble the evidence to take you to certification — then extend and crosswalk it across every framework you’re actually held to.

What we get you ready to do

A real ISMS, not paper

  • Run a defensible risk assessment (ISO 27005) and Statement of Applicability
  • Implement and evidence ISO 27001 Annex A controls
  • Stand up access control, encryption, logging, and monitoring
  • Prepare for the certification audit with a complete evidence pack
  • Maintain the ISMS year-round so surveillance audits are routine

Cloud extensions, scoped to your stack

  • ISO/IEC 27017 — security controls for cloud services
  • ISO/IEC 27018 — protection of personal data (PII) in public clouds

Attestations & control frameworks — readiness, not the sign-off

  • SOC 2 (Type I/II) — we get you attestation-ready and coordinate the engagement; the report is issued by a licensed CPA firm
  • NIST RMF (SP 800-37 / 800-53) and NIST CSF 2.0 — risk-management framework implementation and alignment
  • CIS Controls v8 (the “CIS 18”) — a prioritized, practical control baseline and hardening roadmap
  • PCI DSS — cardholder-data security readiness; we prepare you for the QSA, who performs the formal assessment
  • HIPAA Security Rule — safeguards for PHI, data-security scope only (not the Privacy Rule or clinical compliance)

Comply once, satisfy many.

Most regulated firms carry several of these at once. We implement a single control program and map it across SOC 2, ISO 27001, NIST, CIS, PCI, and HIPAA — so you clear overlapping requirements once instead of running parallel projects for each.

For India: we prepare you for CERT-In-empanelled security audits and align your ISMS with RBI/SEBI/IRDAI cyber expectations.

FAQ

Frequently asked questions

SOC 2 vs. ISO 27001 — which do we need?

Often both — different buyers ask for different proof. SOC 2 is a US-centric attestation issued by a CPA firm; ISO 27001 is an internationally recognized certifiable management system. We implement one control program and crosswalk it so you satisfy both without running two separate projects.

Do you issue the SOC 2 report or the ISO certificate?

No. We deliver readiness and coordinate. SOC 2 reports come from a licensed CPA firm, PCI DSS from a QSA, and ISO certificates from an accredited certification body. We get you ready and stand behind the evidence.

Is HIPAA coverage the full HIPAA program?

We cover the HIPAA Security Rule — the safeguards for electronic PHI — as data-security scope only. We do not provide Privacy-Rule or clinical-compliance coverage.

Can you align us with Indian regulatory expectations?

Yes. We prepare you for CERT-In-empanelled security audits and align your ISMS with RBI/SEBI/IRDAI cyber expectations.