Advisory · Compliance Readiness
SOC 2, ISO 27001, PCI DSS, HIPAA, CCPA/CPRA, NIST CSF, and sector-specific framework preparation. Convergent maps your existing controls, identifies gaps, and prepares the evidence procurement and auditors will ask for.
Talk to an expert →6+
Frameworks covered
Audit-ready
Evidence packages
4 sectors
Regulatory experience
What we cover
Convergent’s compliance readiness work is grounded in your actual security controls and risk posture — not a checklist reviewed against documentation. The output is evidence that holds up, not paper that passes and then fails.
SOC 2 Type I & II
Trust Service Criteria mapping and gap analysis
Control design and operating effectiveness evidence
Auditor readiness review and management response preparation
ISO 27001
Information security management system gap assessment
Annex A control implementation guidance
Statement of applicability and risk treatment plan
HIPAA & HITECH
Technical safeguard requirements assessment
PHI access control and audit trail validation
Breach notification readiness documentation
PCI DSS
Cardholder data environment scoping and gap assessment
Penetration testing scoped to PCI DSS requirements
SAQ and ROC preparation support
CCPA / CPRA
Cybersecurity audit programme for high-risk processors
Consumer personal data security safeguard assessment
Breach documentation for CCPA litigation readiness
NIST CSF · GLBA · NYDFS
NIST CSF maturity assessment and implementation roadmap
GLBA Safeguards Rule annual penetration testing and assessment
NYDFS 500 penetration testing and programme documentation
Get started
Convergent starts with a scoping conversation to understand your current posture, your target framework, and your timeline. The gap analysis that follows is the foundation for everything that comes next.
Talk to an expert →