1. ISMS- ISO 27001

ISO 27001 is the only internationally-accepted standard for governing an organization’s information security management system (ISMS).

With ISO 27001 certification, you demonstrate to existing and potential customers, suppliers and shareholders the integrity of your data and systems and your commitment to information security.

2. GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).

Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don't specifically market goods or services to EU residents.

3. CCPA

CCPA stands for California Consumers Protection Act 2018.

It is the most recent cookie law passed by the State of California as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.

4. SOC 1

SOC compliance is an audit framework designed by AICPA (American Institute of Certified Public Accountants).

The SOC 1 report gives assurance to your customers that their financial information is being handled safely and securely. For example, if your organization creates software that processes your clients’ billing and collections data, then SOC 1 is appropriate.

5. SOC 2

The SOC 2 report (also designed by AICPA) demonstrates how securely your customer data is stored in the cloud. It focuses on the internal controls of a system as they relate to security, availability, processing integrity, confidentiality, and privacy.

6. ISO 27701

Certification to ISO 27701 Privacy Information Management System (PIMS) assures stakeholders that your organization takes data privacy seriously.

Implementing an ISO 27701 PIMS enables you to meet the highest standards of responsibility and transparency in the processing of personal information.

The controls and principles set out in ISO 27701 align with the principles laid out in recent data protection legislation around the world. Implementing an ISO 27701 Privacy Information Management System assists organizations in demonstrating their compliance with these and other regulatory regimes.

7. PCI DSS

A PCI DSS audit is a rigorous examination of an organization’s compliance with the Payment Card Industry Data Security Standard.

8. HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) mandates risk management best practices and physical, administrative, and technical safeguards.

9. QMS

A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and continually enhancing customer satisfaction.

10. RBI Audits

RBI audits determine the effectiveness of planning and oversight of IT activities and evaluate the adequacy of operating processes and internal controls.


  • Do we provide only audits or certification too?

    We offer only audits and consulting; our firm is not a certifying body. However, we will guide you closely through the process of attaining certification as well.

    Many organizations opt to undergo the audit and not pursue certification. Certification is a possibility, not a requirement.

  • What do I receive when my audit is complete?

    Typically an audit culminates in a report, written by our in-house team. The report will provide stakeholders with independent third-party verification regarding the fairness and suitability of information security management, controls, and practices.

  • How much does an audit cost?

    Pricing for the audit depends on scoping factors, including business applications, technology platforms, physical locations, third parties, and audit frequency. Pricing will also vary based on the inclusion of a gap analysis, or inclusion of additional remediation time.

  • How long does an audit take to complete?

    It depends on the audit and the scope. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, report writing, and concludes with the delivery of a report.

  • How long is an audit report valid?

    Again, it depends on the audit. For example, the opinion stated in an ISO 27001 report is valid for twelve months following the date the report was issued. Please reach out to us to understand the specifics for your audit.

  • How frequently does an audit need to be performed?

    It depends on the audit. For example, the industry standard is to schedule an ISO 27001 audit annually, or whenever significant changes are made that will impact the control environment.

Trusted by the best in business.

“Matrix Business Services India Pvt Ltd has been associated with Sumeru for the last 5 years. With your effective guidance we were able to obtain ISO 27001 certification, which resulted in improving our Information Security Standards, resulting in client satisfaction. Our experience with you and your team is very satisfactory.”

- TNGayathri, Matrix Business Services

“Sumeru has assisted us in our ISO 27001 journey and has tailored a unique training module for our internal auditors. Their trainers are very committed, competent and professional and we have benefited immensely from our engagement with Sumeru.”

- Sandeep Gangolli, LNTEBG

"Our management was very pleased with the Risk Assessment outcome and we will for sure recommend your organization for any such assignment we will have in future and to other counterparts too!"

- Swathi Gaddala, Deputy Manager, SHS Compliance