Lumina Risk Advisory
IT Controls Compliance Audit Readiness

Compliance that works.
Built for real environments.

Controls designed for your environment, delivered by a small senior team with clear scope, fixed fees, and consistent ownership from start to finish.

SOC 2 | ISO 27001 | SOX IT Controls | SOC 1 | ITGC
Our Services

How we help you get audit-ready.

We design, implement, and validate controls that reduce risk and hold up under audit.

10–12 weeks

SOC 2 Readiness

Type I & Type II

Customer contracts, enterprise deals, or investor due diligence demanding SOC 2? We design your controls, build your evidence library, and work directly with your auditor from day one.

  • Control gap assessment & design
  • Evidence library & full policy suite
  • Auditor liaison & walkthrough support
4–6 months

ISO 27001 Implementation

Stage 1 + Stage 2 support

End-to-end ISMS build from gap assessment through certification. We design controls, prepare the Statement of Applicability, and support you through both audit stages.

  • Gap assessment & ISMS design
  • Full Annex A control suite & SoA
  • Stage 1 & Stage 2 audit support
8–16 weeks

SOX IT Controls

ITGC scoping & remediation

Scope, design, and test your IT general controls before external audit begins. Support for Year 1 readiness or ongoing steady state. We focus on what auditors actually test and what your environment needs.

  • ITGC scoping across all 4 domains
  • Control design & walkthrough prep
  • Deficiency remediation roadmap
6–10 weeks

SOC 1 Readiness

For service organizations

Payroll processors, financial SaaS, and transfer agents whose clients require a SOC 1 report. We define your control environment, document CUECs, and coordinate with your CPA firm.

  • Scope & control environment design
  • CUECs documentation
  • CPA firm coordination
Project or retainer

ITGC Advisory

Audit support & co-source

Support for internal audit, co-source models, and targeted remediation. We integrate into your existing structure without disruption.

  • ITGC program assessment & design
  • Internal audit co-source support
  • Evidence library & remediation roadmap
4–6 weeks

IT Risk Assessment

Identify, rate & prioritise

Map your full IT risk landscape before committing to a framework. We identify control gaps, assess residual risk, and define a clear roadmap.

  • IT risk register & heat map
  • Gap analysis across key control domains
  • Prioritised framework & remediation roadmap
Why Us

Most firms hand you templates.
We build controls that actually work.

The difference is in how the work gets done.

Built into your operations.

We build controls that fit your workflows, reduce real risk, and remain effective beyond the audit cycle.

Fixed fees. No surprises.

You know the full price before we start. No hourly meters, no scope creep invoices. If we miss a milestone, that is our problem, not your invoice.

Senior people throughout.

Big-4 trained IT auditors with 8+ years on these exact engagements. The team that scopes your work is the team that delivers it, no handoffs to a junior three weeks in.

Certified to deliver.

Our team holds the same credentials your auditors require, and has completed 40+ engagements across every framework we offer.

  • CISA
  • ISO 27001 LA
  • CISSP

Typical engagement outcomes

What getting it right looks like.

"SOC 2 Type II readiness in 10–12 weeks with clean audit results."

Typical for first-time SOC 2 environments

"ISO 27001 certification in 4–6 months from a standing start."

Typical for organizations without an existing ISMS

Get in Touch

Tell us your deadline.
We'll tell you what it takes.

Send us your framework and timeline. We'll come back with an honest assessment and a fixed-fee proposal within 48 hours.

No sales calls unless you ask for one.
One reply within 48 hours.
Fixed-fee proposal.
Prefer email? hello@luminarisk.io