FOR IMMEDIATE RELEASE
38North Security Achieves ISO/IEC 27001:2022 Certification
Washington, D.C. – 1/8/2026 – 38North Security, a leading cloud security and compliance engineering firm, announced that it successfully achieved ISO/IEC 27001:2022 certification in December 2025. This internationally recognized standard provides independent validation of 38North’s commitment to protecting sensitive information and operating with a mature, risk-driven security program.
ISO/IEC 27001 certification demonstrates that 38North has implemented a comprehensive framework for managing information security risks across people, processes, and technology. The certification supports the firm’s growing global client base, particularly organizations operating in EMEA and APAC, where enterprise clients and regulated sectors commonly require ISO 27001 certification as part of vendor qualification.
This achievement complements 38North’s deep expertise across U.S. and international compliance frameworks, including FedRAMP, CMMC, IRAP, ISMAP, and SOC programs. The independent audit validated the effectiveness of 38North’s internal security controls, governance practices, and continuous risk management processes that underpin how the firm safeguards client data.
“ISO 27001 certification is not just a badge; it reflects how we operate internally every day,” said Matthew Earley, President and Founder of 38North Security. “As a firm that helps organizations design, build, and secure audit-ready environments, it’s critical that we hold ourselves to the same standards we expect of our clients. This certification reinforces the trust our customers place in us and supports our continued growth as a global compliance engineering partner.”
“Achieving ISO 27001 required us to formalize what we already believe in: disciplined risk management, clear ownership, and security practices that scale with our clients,” said Linda Morales, Executive Vice President and Chief Security Officer at 38North Security. “This certification validates the strength of our internal controls and governance, and it ensures that our clients can trust us not just as advisors, but as operators who live the same standards they’re working toward.”
By aligning its internal operations with ISO/IEC 27001, 38North continues to lead by example, providing clients with added assurance that their compliance partner operates with disciplined security practices and a world-class information security framework.
About 38North Security
38North Security is a leading cloud security and compliance advisory firm specializing in helping organizations navigate complex regulatory frameworks such as FedRAMP, CMMC, ISO 27001, SOC 2, Australia’s IRAP, UK’s Cyber Essentials and Japan’s ISMAP. Founded in 2012, 38North serves a global client base ranging from innovative startups to Fortune 50 companies, delivering engineering-driven solutions that accelerate cloud adoption and streamline compliance. Our team includes former assessors, cloud engineers, and policy experts who bring a hands-on, automation-first approach to securing modern cloud environments. At 38North, we don’t just interpret compliance; we operationalize it.
Talk to a cybersecurity expert today.
About the Author
