Home / Services / TruCompliance™
PROPRIETARY · 02

TruCompliance

Achieve compliance. Stay insured. A proprietary ISMS platform, a virtual CISO, a Canadian SOC, and managed pen testing — built around your cyber insurance policy.

FrameworkSOC II · ISO 27001 · PIPEDA
vCISONamed, assigned quarterly
Pen testAnnual · managed
Audit-readyEvidence always live
The reality

Cyber insurance has quietly become a compliance regulator.

Insurers now require documented controls: MFA coverage, patch cadence, EDR, backup immutability, incident response. Miss one and your renewal is denied — or your claim is.

  • 1 in 3 cyber claims are denied for non-compliance
  • Premiums have risen 40–80% for under-controlled SMBs
  • Some insurers now require SOC II attestation for coverage
ANNUAL RENEWAL · INSURER REVIEW
Control Readiness Snapshot
96
/ 100
MFA coverage — 100%
EDR on every endpoint
Immutable backup <24h RPO
Patch cadence (CIS L1)
Documented incident response
!Awareness training due in 14 days
POLICY · ACME-2026-NA-CYBER · STATUS: READY TO RENEW
Four pillars

A full security program, delivered as a service.

01

vCISO

A named senior security leader who attends your leadership meetings, owns the risk register, and reports to your board.

  • Quarterly risk review
  • Board-ready reporting
  • Policy authorship
02

ISMS Platform

Our proprietary software continuously collects evidence from your environment and maps it to SOC II, ISO 27001, and PIPEDA controls.

  • Live control evidence
  • Framework mapping
  • Auditor-ready export
03

SOC · XDR · SIEM

24/7 Canadian analysts working from aggregated endpoint, identity, and network telemetry. Mean time to contain: under one hour.

  • Canadian SOC
  • Full-environment telemetry
  • Incident response runbooks
04

Pen Testing

Annual managed penetration testing delivered by independent partners. Findings feed straight back into the remediation roadmap.

  • External + internal
  • Social engineering
  • Remediation tracked
The ISMS platform

Evidence is collected the moment it exists.

Controls aren't screenshot-every-quarter anymore. Our ISMS platform connects directly to Entra, Intune, ESET, NinjaOne, and Cloudflare — and maintains live evidence against every control in your chosen frameworks.

  • 400+ controls mapped across SOC II · ISO 27001 · PIPEDA · NIST CSF
  • Real-time drift alerts to your vCISO and TAM
  • Single-click auditor package generation
  • Role-based access for auditors, insurers, executives
ISMS · LIVE CONTROLS
UPDATED 3s ago
CC6.1 · Logical Access
100%
CC6.3 · MFA Enforcement
100%
CC7.1 · Vulnerability Mgmt
94%
CC7.2 · Endpoint Detection
100%
A.8.24 · Data in Transit
98%
A.6.3 · Awareness Training
72%
SOC II · ready ISO 27001 · ready Awareness · action required
The journey

From risk register to renewable cyber policy.

M1

Gap assessment

vCISO onboards, maps your environment to your chosen frameworks, and publishes a prioritized gap list.

M2-3

Remediation wave

ISMS platform deploys, controls hardened, policies authored and adopted, training rolled out.

M4

Pen test & fix

Independent penetration test; findings triaged and remediated within SLA.

M6+

Attestation & renewal

Audit-ready evidence package delivered. Cyber insurance renewal with premium in line — or below.

Next step

See where you stand.

Free compliance gap review — we benchmark your current controls against SOC II, ISO 27001, and your cyber policy.

Request Gap Review See TruOffice