IT Services & SaaS

LMS for IT Services + SaaS: ISO 27001 + SOC 2 + GDPR Processor + NIS2

Pre-built ISO 27001 awareness, OWASP Top 10, phishing simulation playbooks, GDPR processor responsibilities, incident response and SOC 2 Trust Services courses. Built for MSPs, SaaS vendors, cloud consultants and cybersecurity firms — with DPA / sub-processor / breach-SLA tracking baked in.

Important scope note

Courses provide awareness and induction-level training only. They are NOT accredited substitutes for ISO 27001 Lead Implementer / Lead Auditor (PECB, BSI, IRCA), SOC 2 readiness assessment by a qualified CPA firm, CSSLP / OSCP / GCIH certifications, or legal advice on your Data Processing Agreements. Use for onboarding, annual refreshers, security awareness cadence and compliance visibility.

Designed for data-processor + security-first compliance

ISO 27001:2022 + Annex A coverage

ISMS scope, Statement of Applicability, risk assessment methodology and the 93 Annex A controls (Organizational / People / Physical / Technological). Internal-audit + management-review periodic policies enforce annual cadence.

SOC 2 Trust Services Criteria

Security (Common Criteria), Availability, Confidentiality, Processing Integrity and Privacy. Policy templates that trace to the AICPA 2017 criteria (revised 2022) and support your CPA firm's evidence requests.

GDPR processor controls

Art. 28 mandatory DPA clauses, sub-processor approval workflow, Art. 33 breach notification SLA, Art. 30(2) ROPA and international transfer safeguards (SCCs, UK IDTA).

Cybersecurity hygiene + NIS2

Quarterly phishing simulation cadence, OWASP Top 10 developer training, incident response (NIST SP 800-61) with annual tabletop, vulnerability management with patching SLA, and NIS2 Art. 21 risk measures for EU essential/important entities.

Who we built this for

Managed service providers (MSPs) — ISO 27001 operations, SOC 2 readiness, customer DPA tracking
SaaS vendors — Art. 28 DPAs, public sub-processor register, breach SLA, enterprise buyer questionnaires
Cloud consultants — shared responsibility awareness, supplier security, NIS2 essential entity preparation
Cybersecurity firms — OWASP coverage, IR tabletops, phishing sim cadence, staff certifications

Covered frameworks & regulations

ISO/IEC 27001:2022 + ISO/IEC 27002:2022 • AICPA SOC 2 Trust Services Criteria (2017, revised 2022) Type I + Type II • EU GDPR Art. 28 / 30(2) / 32 / 33 • EDPB Guidelines 07/2020 (controller/processor) • EU SCCs (2021/914) + UK IDTA • NIS2 Directive EU 2022/2555 (effective 2024-10-17) • NIST SP 800-61 Rev. 2 (Incident Response) • NIST SP 800-50 (Awareness) • SANS PICERL • OWASP Top 10:2021 + OWASP ASVS 4.0 • ENISA Threat Landscape.

Ready to digitize your security awareness + processor compliance?

Book a 20-minute walkthrough. We'll show how MSPs + SaaS teams use the platform for ISO 27001 evidence, SOC 2 evidence, sub-processor register maintenance, phishing sim cadence and IR tabletops — without replacing your CPA firm or external counsel.