← back to services
SERVICE 06

Audit Readiness & Governance

iso 27001. iso 42001. tpn gold.

Kastro is an advisory firm, not an accredited certification registrar. We do not issue the final ISO or TPN certificate. We prepare your organization to face the external auditor with evidence, control ownership, and fewer surprises.

Led by a certified ISO Lead Auditor with ISO/IEC 27001 and ISO/IEC 42001 auditing credentials, Kastro handles readiness reviews, gap analysis, policy drafting, internal audits, and practical governance work for teams that need board-level confidence without losing engineering reality.

For media, VFX, AI, SaaS, and regulated teams, the work is focused on passing the real examination: what is missing, what needs evidence, who owns each control, and what must be fixed before the external audit.

27001
ISO Lead Auditor
42001
AI Management
TPN
Gold Prep
0
Certificates Issued by Kastro
CAPABILITIES

what we deliver.

ISO 27001 Gap Analysis

Assess your information-security management system against ISO/IEC 27001 expectations, identify missing controls, and prioritize remediation before an external audit.

ISO 42001 AI Governance Readiness

Map AI-management responsibilities, risk treatment, policy needs, and evidence expectations for organizations preparing for ISO/IEC 42001.

TPN Gold Preparation

Prepare media, VFX, and production-adjacent teams for TPN Gold expectations with practical control evidence, policy cleanup, and audit-facing readiness work.

Internal Audit

Run structured internal audits that test whether controls are implemented, evidenced, assigned, and ready for external review.

Policy Drafting

Draft and refine policies that auditors can assess and engineers can actually follow, from access control to acceptable AI use.

Shadow AI Exposure & Policy

Identify unsanctioned AI use, data exposure risks, and governance gaps, then define policy and controls that fit the business.

USE CASES

real-world scenarios.

ISO 27001 Readiness Sprint

The Problem

A SaaS company has customer security pressure and an ISO target date, but policies, ownership, and evidence are scattered.

Kastro's Approach

Kastro performs a gap analysis, builds a remediation roadmap, drafts missing policies, and runs internal audit checks before the registrar engagement.

AI Governance Before ISO 42001

The Problem

A team is already using AI tools but lacks a formal AI-management framework or clear rules for data, model, and vendor risk.

Kastro's Approach

Kastro maps AI use, shadow AI exposure, policy gaps, and management-system requirements into a practical readiness plan.

TPN Gold Prep for Media/VFX

The Problem

A studio or vendor needs to satisfy client security expectations but does not know whether current controls will survive TPN review.

Kastro's Approach

Kastro prepares evidence, policies, control ownership, and internal findings so the team can face the external examiner with confidence.

ready for the auditor?

Start with an audit-readiness conversation for ISO 27001, ISO 42001, TPN Gold, or AI governance.