Kastro is an advisory firm, not an accredited certification registrar. We do not issue the final ISO or TPN certificate. We prepare your organization to face the external auditor with evidence, control ownership, and fewer surprises.
Led by a certified ISO Lead Auditor with ISO/IEC 27001 and ISO/IEC 42001 auditing credentials, Kastro handles readiness reviews, gap analysis, policy drafting, internal audits, and practical governance work for teams that need board-level confidence without losing engineering reality.
For media, VFX, AI, SaaS, and regulated teams, the work is focused on passing the real examination: what is missing, what needs evidence, who owns each control, and what must be fixed before the external audit.
what we deliver.
ISO 27001 Gap Analysis
Assess your information-security management system against ISO/IEC 27001 expectations, identify missing controls, and prioritize remediation before an external audit.
ISO 42001 AI Governance Readiness
Map AI-management responsibilities, risk treatment, policy needs, and evidence expectations for organizations preparing for ISO/IEC 42001.
TPN Gold Preparation
Prepare media, VFX, and production-adjacent teams for TPN Gold expectations with practical control evidence, policy cleanup, and audit-facing readiness work.
Internal Audit
Run structured internal audits that test whether controls are implemented, evidenced, assigned, and ready for external review.
Policy Drafting
Draft and refine policies that auditors can assess and engineers can actually follow, from access control to acceptable AI use.
Shadow AI Exposure & Policy
Identify unsanctioned AI use, data exposure risks, and governance gaps, then define policy and controls that fit the business.
real-world scenarios.
ISO 27001 Readiness Sprint
A SaaS company has customer security pressure and an ISO target date, but policies, ownership, and evidence are scattered.
Kastro performs a gap analysis, builds a remediation roadmap, drafts missing policies, and runs internal audit checks before the registrar engagement.
AI Governance Before ISO 42001
A team is already using AI tools but lacks a formal AI-management framework or clear rules for data, model, and vendor risk.
Kastro maps AI use, shadow AI exposure, policy gaps, and management-system requirements into a practical readiness plan.
TPN Gold Prep for Media/VFX
A studio or vendor needs to satisfy client security expectations but does not know whether current controls will survive TPN review.
Kastro prepares evidence, policies, control ownership, and internal findings so the team can face the external examiner with confidence.
ready for the auditor?
Start with an audit-readiness conversation for ISO 27001, ISO 42001, TPN Gold, or AI governance.