SOC 2 and ISO 27001 are the starting line. Not the finish.
Porticus processes SOC 2, ISO 27001, and every other cybersecurity standard. Our AI also processes the employment law, data privacy, customer-specific requirements, and expanding regulatory obligations that cybersecurity-only tools completely ignore, and connects the controls across all of them.
You've outgrown your cybersecurity-only compliance tool.
Enterprise customers, multi-country teams, privacy requirements, employment regulations, and industry-specific obligations demand more than SOC 2 - across NZ, AU, and global requirements. Porticus covers it all for technology companies.
Cybersecurity compliance is a starting point, not the whole programme.
SOC 2 and ISO 27001 get you through the procurement door. But privacy laws, employment regulations, AI governance obligations, and industry-specific requirements don't pause because your security programme is mature. The questions keep getting broader.
Enterprise Questionnaire Overload
Every enterprise prospect sends a different security questionnaire with different frameworks and scopes. Without a maintained, current compliance posture, every questionnaire is manual effort starting from zero.
Privacy Law Proliferation
GDPR, CCPA, NZ Privacy Act, Australian Privacy Act, and emerging AI-specific privacy rules each carry different obligations across your customer base and employee locations.
Multi-Country Employment Complexity
Distributed tech teams span jurisdictions with different leave laws, AI hiring rules, pay transparency requirements, and contractor classification rules. Most compliance tools don't address employment at all.
AI Governance Obligations
EU AI Act, emerging US AI regulation, and customer AI governance requirements are landing before most organisations have a programme. Treating AI governance separately from your existing compliance means double the work.
We cover what they cover. Then we keep going.
| What cyber-only tools cover | What they don't | What Porticus does |
|---|---|---|
| SOC 2, ISO 27001 | Employment law: pay transparency, AI hiring, leave | SOC 2 + ISO 27001 + employment. All controls cross-linked |
| GDPR basics | National privacy laws, industry-specific privacy, privacy programme management | Full privacy programme connected to every other programme |
| Customer security questionnaires | Non-security contract obligations, DPAs, SLA compliance | Every contract obligation extracted, mapped, and tracked |
| Security awareness training | Role-based multi-domain training, competency verification | Training cross-linked to controls across all programmes |
| Cyber audit prep | WorkSafe NZ / HSWA, employment law, facility safety audit prep | One evidence package covers every audit simultaneously |
Scenario: Enterprise Customer Acquisition
The situation
A Series B SaaS company. Enterprise deal on the table - Fortune 500 customer requiring SOC 2 Type II, ISO 27001, GDPR DPA compliance, and a 47-question security questionnaire. Deal worth $1.2M ARR. Timeline: 90 days to first compliance validation.
What Porticus does
- Step 1: Upload the security questionnaire. Porticus extracts every obligation and maps coverage against your current state.
- Step 2: Gap report shows 52% already satisfied. Net-new controls scoped with effort estimates.
- Step 3: Full compliance programme generated for remaining gaps - controls, policies, and evidence checklists, cross-linked across SOC 2, ISO 27001, and the customer's DPA.
- Step 4: Evidence package produced for customer review in Week 1. Full certification pathway scoped with 90-day timeline.
The outcome
Deal won in 12 weeks. Every subsequent enterprise customer's questionnaire costs 60% less to respond to. The controls are already there, already connected, already tracked.
Standards our AI has already processed for technology companies - and any others you bring.
Cybersecurity
- ISO 27001 (Global)
- SOC 2 (US/Global)
- Cyber Essentials (UK)
- National frameworks (Global)
- NIST CSF (US)
Data Privacy
- Privacy Act 2020 (NZ)
- Australian Privacy Act 1988 (AU)
- GDPR (EU)
- National privacy laws (Global)
- CCPA/CPRA (US)
Employment
- Employment Relations Act 2000 (NZ)
- Fair Work Act 2009 (AU)
- Multi-country employment (NZ/AU/Global)
- Pay transparency (Global)
- AI hiring regulations (Global)
- Leave policies (NZ/AU/Global)
Customer Requirements
- Security questionnaires
- DPAs
- Custom audit requirements
Workplace Safety
- Health and Safety at Work Act 2015 / WorkSafe NZ (NZ)
- Work Health and Safety Act / Safe Work Australia (AU)
- ISO 45001 (Global)
- Ergonomics (Global)
- Emergency action plans (Global)
Industry-Specific
- Privacy Act 2020 (healthtech/edtech, NZ)
- PCI DSS (fintech, Global)
- ISO 27001 (govtech, Global)
- HIPAA (healthtech, US)
- National/sectoral frameworks (Global)
Your standard or certification scheme isn't listed? Our AI reads the source text of any standard, regulation, or certification scheme and builds a complete, connected programme. We add it before you go live.
The more requirements you add, the less work each one takes.
This is the core economic difference between Porticus and every other approach. Once your first programme is in the system, every programme you add after it costs less, because Porticus already knows what you've done and automatically maps the overlap.
- 72%: of your SOC 2 controls already map to ISO 27001 - Porticus finds and tracks every overlap automatically.
- 60%: less time to respond to each subsequent enterprise security questionnaire once your first is mapped.
- n×: security awareness training, privacy notices, and access controls written once - credited across every programme simultaneously.
Preparing for one audit builds readiness for the next.
Porticus calculates your cross-framework readiness in real time - based on your actual evidence and controls, updated continuously, not rebuilt each season.
Readiness is shown per programme: ISO 27001 ISMS, GDPR / Privacy Programme, WorkSafe NZ / HSWA Programme.
Every standard you add to Porticus costs less time and effort than the last - because every audit you pass has already partially done the work for the next one.
Your expertise shouldn't have to start over every audit season.
The work you do setting up a client's ISO 27001 ISMS, SOC 2 programme, or data privacy setup is the most valuable thing you deliver. With Porticus, that work stays alive between visits - the controls you mapped, the evidence you structured, the overlaps you identified all remain current and actionable in a platform your clients use every day.
Choose the model that fits your practice: white-label Porticus under your own brand, run it as a back-office managed service with your margins on top, or earn referral fees. If you manage 15 technology clients and spend 30% of your time on annual re-setup work, Porticus reclaims roughly 4–5 clients' worth of capacity - freeing you to price on value delivered, not hours spent.
What changes for your practice:
- ✓ Flexible partnership models. White-label Porticus under your own brand, run it as a managed service with your margins on top, or earn referral fees. You choose how it fits your practice.
- ✓ Lower your cost to serve each client. The re-setup work that eats your margins handles itself - giving you capacity for more clients or deeper advisory work at the same headcount.
- ✓ Move from time-and-materials to value-based pricing. When your expertise stays permanent between audits, clients pay for outcomes, not hours - and your revenue per client grows.
- ✓ Shift reclaimed time to higher-value advisory: interpreting regulatory changes, guiding corrective actions, expanding client compliance footprints.