Compliance & certification
Get audit ready in Canada with Axovern and TeckPath
SOC 2 Type II, ISO 27001, HIPAA, PIPEDA, Canadian health privacy, GDPR, NIST CSF, and PCI DSS — one platform, one accountable team, continuous evidence instead of annual scramble.
Frameworks
8+
Mapped on one program
Platform
Axovern
AI native GRC
Delivery
CaaS
We run the program with you
Proof
SOC 2 II
TeckPath audited since 2023
Choose your framework
Certification and audit readiness by standard
Each page explains who needs the framework, how Axovern collects evidence, and how TeckPath Compliance as a Service keeps you ready year round.
Trust services
SOC 2 Type II
SOC 2 Type II proves your security controls work over time, not just on paper. Canadian buyers increasingly expect it for B2B software, outs…
Audit readiness →ISMS
ISO 27001
ISO 27001 is the global standard for managing information security risk. Certification signals mature governance to customers, partners, and…
Audit readiness →US health
HIPAA
HIPAA applies when you process protected health information for US patients, even if your office is in Calgary or Toronto. BAAs and technica…
Audit readiness →Canadian privacy
PIPEDA
PIPEDA sets consent, accountability, safeguards, and breach notification expectations. Quebec Law 25 and provincial laws add requirements — …
Audit readiness →PHIPA · Provincial
Canadian Health Privacy
Health information in Canada is governed provincially (PHIPA in Ontario, HIA in Alberta, etc.). This is what US buyers often mean when they …
Audit readiness →EU privacy
GDPR
GDPR extraterritorial scope means Canadian SaaS and services can be fully in scope. Fines and customer churn risk make readiness a revenue i…
Audit readiness →Security program
NIST Cybersecurity Framework
NIST CSF (Identify, Protect, Detect, Respond, Recover) gives a common language for risk management that maps cleanly to insurance apps and U…
Audit readiness →Payments
PCI DSS
PCI DSS is contractually required by card brands. Non compliance means fines, lost processing ability, and breach liability.
Audit readiness →How it works
Three layers, one outcome
01 · Axovern
Continuous GRC platform
Controls, evidence, vendors, policies, Trust Center, and auditor workflows — automated where possible, human approved where it matters.
02 · CaaS
Managed compliance program
TeckPath maps your environment, closes gaps, and maintains the program so your team is not rebuilding evidence every audit season.
03 · Trust
Proof for buyers and auditors
TeckPath SOC 2 Type II, Cyber Essentials Plus, and a Trust Center that stands up in procurement.
Also explore: AI Governance for safe AI adoption · Compliance as a Service · Audit for Microsoft 365 · Sentinel for cloud posture
Not sure which framework fits first?
Most Canadian SaaS and services firms start with SOC 2 or ISO 27001; healthcare adjacent teams add Canadian health privacy or HIPAA.