US-Based. Global Reach.
38North is headquartered in the US. But we specialize in navigating the constantly changing international cloud compliance landscape. With in-country partnerships and relationships across the international compliance ecosystem, we design secure, compliant clouds built for the modern, global world.

Preparing US Companies for the Global Stage
Outside the United States, organizations embrace the cloud, outrunning the US Government’s pace of cloud adoption. American cloud companies, especially those that already comply with complex security regulations, should look beyond the US border to stay competitive in a world increasingly shaped by international opportunity.
38North’s network of in-country partnerships, and relationships with international cloud standard organizations, will help you make the global leap. Anticipating the explosion of international interest in cloud solutions, we’ve spent over a decade learning the international standards and building a global network of cloud security and compliance partners. We align existing cloud security architecture and processes to international requirements. Then, backed by our in-country partnerships, we work with local partners and international cloud regulators to address roadblocks and smooth your transition into international markets.
US Government: Open for Global Business
The US Government is increasingly receptive to buying IT services, even cloud services, from companies with global infrastructure. We help international organizations achieve and maintain compliance with the US FedRAMP standard. We resolve geographic hosting issues. We implement personnel security approaches to make the US Government more comfortable with non-US staff. And we segment and control data to meet FedRAMP standards.
We also help global organizations understand and navigate the US Government procurement process. From training on regulatory requirements and terminology, to hands-on support to the bid and proposal process, we bring clarity to the US procurement bureaucracy.
For organizations that already comply with an international standard, we map existing architectures and approaches to FedRAMP controls. Where gaps exist, we implement FedRAMP overlay approaches that efficiently meet US Government requirements, while minimizing impact on existing business processes.
International cloud compliance standards that we have experience with include but are not limited to:
- Japan ISMAP
- German BSI C5
- French SecNumCloud
- Australian IRAP
- International ISO 27017
- Singapore OSPAR
- Canadian Protected B
- UK Cyber Essentials
- Cloud Security Alliance (CSA)
Engineering Solutions to Global Cloud Challenges
Our approach is tailored to meet client-specific objectives, based on that client’s international cloud security and compliance objectives. Our international cloud security and compliance services include the following:
Compliance Gap Analysis:
A gap analysis helps CSPs that are new to international cloud security and compliance understand their readiness for the global stage. Our gap analysis will educate you on international processes while evaluating your cloud solutions to see how they fare against select international baselines. It results in a prioritized roadmap of actions to keep you focused on the most critical risks and challenges that might complicate your international path.
Advisory Support:
If you’ve committed to an international compliance standard but need help developing the required documentation, our advisory support can help. 38North’s experienced consultants, working with international partners as appropriate, can develop the documentation and approaches necessary to comply with targetted international standards. This can include mapping existing compliance documentation and processes to desired international frameworks. Alternatively we can start from scratch, designing a cloud security and compliance approach that helps you move effortlessly between those nations most critical to your business.
Cloud Security Assessment Support:
Backed by our network of in-country partnerships, we can handle the hassle of dealing with your international cloud compliance assessment team. We are well-versed with various international processes. This helps us expeditiously resolve findings and streamline the authorization process. We also have relationships across the international assessment community to help resolve misunderstandings and facilitate smooth assessments.
Remediation Support:
This service is for those CSPs that recently completed an international cloud security assessment and need some assistance with the interpretation, planning, development and implementation of remedial measures. We help you implement new technologies, policies, plans and procedures that satisfy specific international requirements without impacting other requirements you may face. We also tailor current organizational processes to squeeze a little more out of existing investments.
Continuous Monitoring:
Many international cloud compliance frameworks mandate continuous monitoring of global security posture. 38North’s Continuous Monitoring packages take care of any daily, weekly, monthly, quarterly and annual continuous monitoring tasks so you can stay focused on your organization’s success.
Next Steps
Contact us to get started. The first step is a one hour introductory and readiness session, to understand your international goals and current compliance approach, while also making sure that we’re a mutual fit. We also offer unbilled follow up calls if you have any additional questions or need consulting advice as you prepare to enter international cloud service markets.
Following our initial meetings, formal proposals and pricing are submitted within approximately one week. We can kick-off with a dedicated senior-level team within two to three weeks of contract signature.