IT Compliance Guidance

There are many different IT standards out there, and maybe your company must comply by certain rules and guidelines. We have experience with many different IT standards and we can help you become compliant and/or certified for certain IT standards. 

ISO 27001

ISO/IEC 27001 is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure.

Spinae guides you through the entire process to become ISO/IEC 27001 compliant. After which you can choose to do an official audit to become ISO/IEC 27001 Certified. 

The Cybersecurity Maturity Model Certification (CMMC) is a training, certification, and third party assessment program of cybersecurity created in the United States. Aimed at measuring the maturity of an organization’s cybersecurity processes toward demonstrating compliance with the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

The CMMC framework consists of 3 levels, to advance to the higher levels you must comply with all the practices of the previous level.

Spinae guides you on your journey to become CMMC compliant. 



TISAX stands for Trusted Information Security Assessment eXchange. It is specific to the automotive industry to protect information, prototypes and other types of valuable data. It is built upon ISO/IEC 27001 but introduces 5 Maturity Levels on top of that. Depending on the type of information you handle for your automotive customer, a certain Maturity Level may be required.

Spinae guides you on your journey to become TISAX compliant by preparing your organisation for the mandatory external TISAX audit (for assessment level 2 and 3).