Your compliance posture, continuously monitored.
Controls mapped to ISO 27001, CPS 234 and PCI DSS, evidence collected continuously and posture monitored every day, so when the auditor asks, you hand them a pack rather than a project plan.
What you get
Framework Coverage
Controls mapped to the frameworks your customers and regulators expect: ISO 27001, CPS 234, PCI DSS. One set of work, multiple audits supported.
Continuous Posture Monitoring
Posture scanned on a regular schedule and surfaced in your report, not chased once a year. Gaps caught before they become audit findings, evidence always pack-ready.
Vulnerability Management
Continuous vulnerability scanning with prioritised remediation. You know what is exposed, what matters and what is already fixed.
Policy as Code
Your compliance policies verified against your live environment continuously. Drift, misconfigurations and gaps surfaced as findings before they become audit issues.
Audit-Ready Evidence
Evidence packs, control logs and remediation trails. When the auditor asks, you hand them a pack, not a project plan.
Expert Support
A named security lead and compliance analyst on your account during business hours. Agents on hand for routine compliance queries; humans handle auditor calls, remediation tracking and the harder questions.
Everything included. Fixed monthly fee.
Compliance Frameworks
- ISO 27001 Annex 5 and 8 controls
- SOC 2 Type II audit support
- PCI DSS compliance monitoring
- APRA CPS 234 and CPS 230
- AU Voluntary AI Safety Standard alignment
- GDPR and Privacy Act 1988 (under review)
- Sensitive information handling controls
- Annual compliance attestation support
Security Operations
- Continuous vulnerability scanning
- Security posture drift detection
- Identity and access management review
- Policy as Code verification
Evidence and Reporting
- Compliance posture reports on demand
- Quarterly compliance review with your security lead
- Attestation support for auditors
- Evidence pack generation and export
- Remediation tracking and closure
- Policy version history and audit trail
Sensitive data, contained and provable
A single exposure of the data you cannot afford to leak (customer records, health data or payment details) is a regulatory and reputational event, not just a bug. We treat sensitive data as its own control surface: encrypted with managed keys, held in the regions you choose and reachable only through least-privilege access.
For your engineers it means any drift in who can reach that data is surfaced as a finding before it becomes an incident, and every access is logged as evidence you can hand to an auditor rather than reconstruct after the fact.
How it works
Start with a Secure Compass snapshot, then a fixed-price gap analysis, then continuous compliance management. From snapshot to audit day, without it becoming your problem.
Assess
Fixed-price gap analysis against your target frameworks. Current controls versus required controls. What is covered, what is missing, what needs remediation.
Map
Controls mapped to AWS services. Policy compliance verified against your live environment. Evidence collection automated. Your compliance posture is measurable, not aspirational.
Monitor
Posture and vulnerability scans run on schedule through Infrastructure Lens, with drift surfaced in your posture report.
Support
Auditor calls attended. Remediation tracked and closed against your Security Pillar Benchmark Score. Evidence packs exported when needed. The compliance work does not become your problem.
Customer Testimonial
The team at Base 2 has excellent product knowledge, provides proactive support/advice and helped our business gain security accreditation in a very short amount of time. They collaborated really well with our security audit provider, which made the process seamless.
See your compliance posture mapped.
Not sure where you stand? Secure Compass gives you a free security posture snapshot in 15 minutes.
Case Studies
Compliance and security results from companies we work with