ISO 27001
Also known as: ISO/IEC 27001 · ISO27001
ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). Where SOC 2 is a US audit framework, ISO 27001 is a global certification that enterprise procurement teams — particularly outside the US — treat as the baseline security signal. The standard mandates a risk-based selection of controls from its Annex A reference set, justified in a Statement of Applicability, and a documented management system that is continually reviewed and improved.
Concepts that travel with this one.
Architecture rarely lives in isolation — these are the terms that come up in the same conversation.
SOC 2
Service Organisation Control 2 (SOC 2) is an AICPA audit framework covering five Trust Service Criteria — Security (mandatory), Availability, Processing Integrity, Confidentiality, Privacy. A SOC 2 Type 1 report attests that controls are designed correctly at a point in time; Type 2 attests they have operated effectively over a 6–12 month window. TantraDev is on track for Type 1 in Q3 2026.
GDPR
The General Data Protection Regulation (GDPR) is the European Union's data-protection law. The architectural levers it imposes are consent capture, data minimisation, the right to erasure, breach notification within 72 hours, and Data Protection Impact Assessments for high-risk processing. For TantraDev's clients serving EU users, GDPR shapes data residency, processor-controller contracts (DPAs), and the audit-logging granularity around personal data.
Building a system where ISO 27001 is the load-bearing decision?
30 minutes on the phone, one page in your inbox — what to build, what to skip, what it will cost. You keep the audit even if we are not the right fit.