Thompson InfoSec provides hands-on security services for organizations at every stage — whether you have an established security team or you’re building one from the ground up.
ISO 27001 Readiness
ISO 27001 certification signals mature information security practices to customers, partners, and regulators. We help you get there efficiently.
- Gap analysis — assess your current controls against ISO 27001 Annex A requirements
- ISMS development — build or refine your Information Security Management System documentation
- Risk treatment planning — develop risk treatment plans aligned with the standard’s requirements
- Audit preparation — mock audits and readiness reviews so you’re confident before the real thing
SOC 2 Readiness
Whether you’re pursuing Type I or Type II, we guide you through the process from initial scoping to audit day.
- Trust Services Criteria mapping — assess your controls against Security, Availability, Confidentiality, Processing Integrity, and Privacy criteria
- Control gap identification — find where your current practices fall short and what needs to change
- Policy & procedure development — build the documentation foundation auditors expect
- Evidence collection guidance — set up processes to collect and maintain audit evidence continuously
Risk Assessment
Understanding your risk landscape is the foundation of any effective security program. We conduct structured risk assessments that give you a clear picture of where you stand and where to invest.
- Threat & vulnerability identification — map your organization’s threat landscape
- Risk scoring & prioritization — quantify risks so you can allocate resources where they matter most
- Framework alignment — assess against NIST CSF, ISO 27001, or other frameworks relevant to your industry
- Executive reporting — clear, business-friendly deliverables your leadership team can act on
Cloud Security Assessment
Misconfigurations are the leading cause of cloud breaches. We evaluate your cloud infrastructure across AWS, Azure, and GCP to identify security gaps before they become incidents.
- Architecture review — assess your cloud design for security best practices
- Identity & access management — evaluate IAM policies, roles, and privilege escalation paths
- Configuration audit — check storage, networking, logging, and encryption settings against industry benchmarks (CIS, CSA)
- Remediation guidance — prioritized findings with clear, actionable steps your team can execute
Network Security Assessment
Gaps in network architecture and access controls create easy paths for attackers. We perform comprehensive network security evaluations to surface vulnerabilities in your infrastructure.
- Architecture & segmentation review — evaluate network design, VLANs, and trust boundaries
- Firewall & access control audit — review rule sets, ACLs, and ingress/egress controls
- Vulnerability scanning — identify known vulnerabilities across hosts, services, and protocols
- Wireless security evaluation — assess Wi-Fi configurations, encryption, and rogue access points
Looking for ongoing security leadership? See our Virtual CISO service →
Ready to strengthen your security program?
Book a free 30-minute call to discuss your organization's security needs.