Tell us what’s
on your mind

We usually progress through first-time certification audits (both Stage 1 and Stage 2) in less than 45 days, as long as the organization stays on the ball with responding to any issues (i.e., nonconformities) we spot.

You bet! There is nearly an 80% overlap with the ISO 27001 controls and the criteria from SOC 2 when security and confidentiality are already in-scope to the examination. 

Absolutely! You can shift certificates around whenever, even if a surveillance or recertification audit is looming. If you’re making the switch to Mastermind, no worries — we’ll handle the transfer free of charge.

Yes, our team can either work inside your instance or export your evidence to reduce the total net new requests needed by our audit teams.

We stick to what we know best — ISO standards and CSA STAR certification schemes as spelled out on our website’s Frameworks section. We’re firm believers that auditors should be experts in a specific set of assurance frameworks to really nail it. Companies claiming to ace every framework under the sun? Well, we see them more as generalists than true specialists.

In a nutshell, yes! For the more detailed version, a management system can be eligible for virtual auditing if it meets specific scope conditions. Often, cloud setups that keep everything neatly contained check all the boxes, thanks to the overflowing stash of electronic records.

Nope. These services are off-limits for certification bodies for the scopes they’re already contracted to audit. Mastermind won’t let its crew audit their own work — no way, no how!

Standards published by the International Organization for Standardization can be purchased directly from its website and from any national ISO member. The Cloud Controls Matrix underlying the CSA STAR program is available for download through the Cloud Security Alliance here.