Register Owner: CISO
Effective Date: June 13, 2026
Reviewed: Quarterly and at each ISMS Management Review
Frameworks: program-level (SOC 2 CC1.x governance reporting). Companion to the SOC 2 Readiness Timeline and Compliance Frameworks.
Effective Date: June 13, 2026
Reviewed: Quarterly and at each ISMS Management Review
Frameworks: program-level (SOC 2 CC1.x governance reporting). Companion to the SOC 2 Readiness Timeline and Compliance Frameworks.
Roadmap
Notes
- SOC 2 Type I and the initial Type II window both open 2026-06-22; the initial window closes 2026-09-22, with the report following ~weeks later. Subsequent Type II runs rolling, gap-free.
- ISO 27001:2022 / ISO 42001 — documentation is complete (SoAs, ISMS/AIMS docs); the gating item is the clause 9.2 internal-audit function before certification audits.
- EU AI Act — Art. 50 transparency applies 2026-08-02 (in-product); high-risk obligations phase in toward 2027-12-02.
- FedRAMP / IL5 — evaluation only, contingent on a funded federal contract; not a current commitment (see Compliance Frameworks).
Cross-references
Version history
| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | June 13, 2026 | Initial compliance roadmap (Gantt). | Cameron Wolfe | Ishan Jadhwani |