Cybersecurity • AI Governance • Multi-Cloud

Continuous Compliance. Trusted AI. Lower Cloud Spend.

ISO 27001/27017/27018, SOC 2, PCI, HIPAA, ISO 42001, EU AI Act, GDPR/CCPA, CSA CAIQ and ISO 14001/ESG across AWS, Azure, GCP and OCI.

  • 92%: Audit items closed first pass
  • 38%: Average cloud cost reduction
  • 7d: To baseline Board dashboard
  • 4x: Signal to noise in SIEM

Hot topics

November 2025: What CISOs track now

AWS us-east-1 DNS incident (Post incident)

Oct 19–20, 2025. A DNS plan error propagated an empty record for a regional endpoint, which broke launches and health checks across services.

  • Impact: Resolution failures, token renewal issues, throttled invokes.
  • Controls: Short TTLs, synthetic DNS checks, regional failover tests, DNS change holds.
  • Board note: Add provider failure drills to resilience targets and track recovery time.

Microsoft global DNS disruption (Outage)

Oct 2025. A DNS issue affected identity flows and service reachability across regions, which impacted authentication and dependent apps.

  • Key risks: Centralized DNS, control plane coupling, stale caches.
  • Controls: Split horizon design, cache hygiene, conditional access fail open rules where safe, out of band auth break glass.
  • Board note: Require cloud vendor dependency maps and testable outage runbooks.

Public TLS certificates moving to 90 days (Readiness)

Planned for 2026. Shorter lifetimes improve hygiene but increase renewal risk for unmanaged estates.

  • Do now: Inventory all certs, automate issuance and renewal, alert on expiry.
  • Prove: Blue green cert swaps, canary expiry tests, global revocation checks.
  • Board note: Track certificate debt as a resilience metric with quarterly burn down.

What we do

Offerings built for outcomes

vCISO & Governance

  • Risk register and board reporting
  • Policies, procedures, control design
  • ISMS build out and internal audit
  • M&A due diligence and integration

Assurance & Compliance

  • ISO 27001/27017/27018 and SoA
  • SOC 2 continuous evidence
  • PCI DSS 4.0 segmentation and ROC readiness
  • HIPAA safeguards, BAAs, DPAs

Threat & Response

  • Detections, tuning, noise suppression
  • Pentesting, purple team, IR playbooks
  • Post incident owners, actions, dates

AI Governance

From demo to dependable

ISO/IEC 42001

  • AI scope and policies
  • Model inventory and change control
  • Risk registers, KPIs, controls

Regulatory readiness

  • EU AI Act outlook
  • Transparency artifacts and logs
  • Post market monitoring

Secure LLM and agents

  • Anonymization, sanitization, tokenization
  • Guardrails and allow lists
  • Red teaming and output moderation

Frameworks

Compliance, sustainability, assurance

Evidence we map

  • Policies and standards, procedures
  • Architecture and data flows
  • Keys and rotation logs
  • Scans, pentests, DR and BCP validation

CAIQ domains

  • Identity, asset, change
  • Data security and encryption
  • Business continuity and incident response
  • Supply chain and privacy

ISO 14001 and ESG

  • Policy, aspects and impacts, objectives, audits
  • ESG program, metrics, governance, supplier engagement
  • GRI or SASB style mapping
  • Evidence and traceability for claims

Cloud

Patterns that scale across AWS, Azure, GCP, OCI

Identity

  • Least privilege, SCPs or policies
  • Conditional access and PIM style elevation
  • Break glass and JIT with logging

Network

  • Egress controls and WAF
  • Segmentation and service to service auth
  • Private endpoints and routing guards

Data

  • CMEK and vaults
  • Field level encryption and tokenization
  • Backup integrity and immutability tests

Observability

  • Curated rules with suppression
  • Agent reduction and sampling
  • Response playbooks and automation

Cost levers

  • Rightsizing and autoscaling
  • Spot, preemptible, reserved
  • Retention tiers and data egress tuning

Secrets and keys

  • Central key management
  • Rotation and break glass runbooks
  • Attestation and access proofs

Vendor risk

  • Tiering and intake
  • Security addenda, DPAs, BAAs
  • Exit, data return, erase

Executive

Board dashboards that drive decisions

Risk and control health

  • Top ten risks with trend and owners
  • Coverage and gap heatmap
  • Escape rate and time to close

Compliance at a glance

  • ISO 27001/27017/27018, SOC 2, PCI, HIPAA, ISO 14001
  • Evidence freshness and readiness
  • Reg change radar for EU AI Act and GDPR/CCPA

Cost and value

  • Spend vs coverage and risk reduced
  • Trendlines and variance
  • ROI of initiatives

Contact

Contact TeraType

Email

info@teratype.com

Privacy

privacy@teratype.com

United States

+1 888 964 6699

European Union

+421 233056 377

We use your information only to respond. We do not sell personal data.

Privacy

Privacy Notice

Effective date: June 3, 2025

Who we are

TeraType is a cybersecurity consulting and advisory firm. We help clients with governance, risk, compliance and technical security services.

Scope

This notice applies to personal information we process when you visit this website or interact with us, for example via email or phone. It does not cover client data we process as a service provider under contract; those activities are governed by the applicable Data Processing Addendum or Business Associate Agreement, as relevant.

Information we collect

  • Contact details such as name, email, phone and message content you submit.
  • Technical data such as IP address, device or OS and basic analytics that are aggregated or de-identified where possible.
  • Business information you choose to share about your organization, needs or timelines.

How we use your information

  • To respond to inquiries and provide requested information.
  • To operate, secure and improve our website and services.
  • To comply with legal obligations and enforce our rights.
  • With your consent to send updates about services or policy changes.

Legal bases

  • Legitimate interests such as responding to messages, site security, fraud prevention.
  • Consent such as certain marketing communications and optional cookies where applicable.
  • Legal obligation such as recordkeeping and regulatory compliance.

Sharing

We do not sell personal information. We may share limited data with service providers such as email or hosting under contracts that require confidentiality and appropriate safeguards. We may also disclose information if required by law or to protect rights, safety and security.

International transfers

Where data moves across borders we use recognized transfer mechanisms and implement appropriate safeguards.

Retention

We keep personal information only as long as necessary for the purposes described or as required by law. Typical inquiry records are retained for a limited period and then deleted or de-identified.

Security

We employ administrative, technical and organizational measures to protect personal information including access controls, encryption in transit and least privilege practices. No system can be 100% secure. We encourage you to use strong unique passwords and be alert to phishing.

Your rights

  • EEA or UK: access, rectification, erasure, restriction, objection, portability and the right to lodge a complaint with your supervisory authority. Where processing is based on consent you may withdraw consent at any time.
  • California: right to know, delete, correct and opt out of certain data sharing or selling. We do not sell personal information. We honor authorized agent requests as required.

To exercise rights contact us at privacy@teratype.com. We may need to verify your identity before fulfilling a request.

Cookies and similar technologies

We use essential cookies to operate this site and may use limited analytics that are configured to use de-identified or aggregate data where feasible. Analytics will only load if you click Allow on the cookie banner. You can change your choice later using the banner control.

Do Not Track

Some browsers transmit Do Not Track signals. There is no industry consensus on how to respond. We currently do not act on these signals. We will update this notice if our approach changes.

Children

Our services are not directed to children. If you believe a child has provided us personal information please contact us to request deletion.

Changes

We may update this notice from time to time. We will change the effective date above and where appropriate provide additional notice.

Contact

Email: privacy@teratype.com

DPAs and BAAs

For clients that require a Data Processing Addendum for GDPR or a Business Associate Agreement for HIPAA we will execute our standard templates or review yours upon request.