Trust Center

ISO 27001 posture

Last reviewed: 2026-05-25

Status, plainly

Compliance Care is not yet certified to ISO/IEC 27001:2022.

We operate against the ISO 27001:2022 control framework with internal self-assessment. Third-party certification through a JAS-ANZ-accredited certification body is scheduled for Year 2 (calendar 2028) of the operating plan, once the customer base and engineering surface are stable enough to justify the cost and discipline of a full ISMS audit cycle.

We do not, and will not, describe Compliance Care as "ISO 27001 certified" or "ISO 27001 compliant" until a JAS-ANZ-accredited certification body has issued a current certificate. This is the same discipline we apply to claims about our NDIS-provider customers.

What this means today

We have:

What this does not mean today

Path to certification

MilestoneTarget
ISMS scope statement and Statement of Applicability published internallyLive.
First full internal audit cycle complete with findings closed2027 calendar year.
Stage 1 audit by JAS-ANZ-accredited bodyFirst half of 2028.
Stage 2 audit by JAS-ANZ-accredited bodySecond half of 2028.
Certificate issuedTargeted late 2028.
Surveillance auditsAnnual thereafter, recertification at year 3.

These dates are targets, not commitments. If the date moves, this page is updated within the same week, with the reason.

Related

Change log

DateChange
2026-05-25Initial publication. Third-party certification target: late 2028.

← Back to the Trust Center