Your compass to
compliance.

Independent compliance assessments for organizations that run on Azure. We find the gaps before your auditor, your insurer, or your regulator does.

Schedule Assessment Learn how we're different

We're not an MSP.

Regulators, auditors, and insurance underwriters give more weight to assessments performed by independent third parties. We are that independent third party.

Not Managed IT

We don't manage your endpoints, patch your servers, or answer help desk tickets. We focus exclusively on security strategy and compliance.

Not Product Sales

We don't resell firewalls, EDR, or SaaS licenses. Our revenue comes from advisory services, so our recommendations are truly objective.

Not 24/7 Monitoring

We're not a SOC. We don't watch screens at 3 AM. We design the security architecture and compliance programs that your SOC operates within.

Services

Framework-driven assessments that give you a clear picture of where you stand and a roadmap through the terrain ahead.

HIPAA Assessment

Azure and Epic environments assessed against HIPAA Security Rule sections 164.308 through 164.312. Every control, every requirement.

Learn more

PCI DSS Gap Analysis

Evaluate your cardholder data environment against PCI DSS requirements. Clear roadmap to compliance.

Learn more

NIST CSF Implementation

Adopt the NIST Cybersecurity Framework with a structured implementation plan tailored to your organization.

Learn more

Cyber Insurance Readiness

Prepare your security posture to meet insurer requirements and reduce premiums. Documentation that underwriters trust.

Learn more

vCISO Services

Fractional security leadership for organizations that need strategic direction without a full-time hire.

Learn more

Continuous Monitoring

Ongoing compliance monitoring and drift detection. Stay compliant between audits, not just during them.

Learn more

Why Iron Compass

Four principles that define every engagement.

Compliance-First

We start with the framework, not the product. Every recommendation aligns to a control objective, not a vendor SKU.

AI-Augmented

Four specialized AI personas — CISO, compliance officer, threat analyst, and business strategist — accelerate evidence gathering, policy generation, and gap analysis.

Learn how

Microsoft Expertise

Deep Azure and Microsoft 365 security expertise. Our team includes a dual Microsoft MVP and Azure architecture specialists.

Independent Advisory

We don’t sell products or managed services. Our recommendations are unbiased because we have nothing to resell.

Leadership

Senior practitioners who've built and secured enterprise environments.

JR

Joe Ristine

Co-Founder & Principal Consultant

84+ Azure subscriptions, 50+ AKS clusters, 3 CAF landing zones, 32 Azure Government subscriptions. Identified $1.49M/year in cost savings at a $1.5B health system. Five simultaneous enterprise contracts across healthcare, defense, and financial services.

Azure Architecture Sentinel & Defender HIPAA Delivery FinOps Azure Government
MB

Matt Bishop

Co-Founder & Principal Consultant

Dual Microsoft MVP (Developer Security + Enterprise Security). Principal Architect at Bitwarden (10M+ users, SOC 2/ISO 27001). Co-founded iMobile3 (acquired by TSYS). Led engineering through Olo IPO (NYSE 2021). Georgia Tech Trustee.

Microsoft MVP (x2) Enterprise Security M&A Experience Partner Channels SOC 2/ISO 27001

Ready to get your bearings?

30 minutes. We tell you which frameworks apply, where your biggest gaps likely are, and whether you actually need us. No pitch deck.

Schedule Assessment Explore Services