Rocky Peak Assurance
Independent advisory • Remote‑first

Assurance without the noise.

We help growing companies become audit‑ready — SOC 2, ISO 27001, HIPAA, PCI DSS — through clear controls, tidy evidence, and right‑sized processes.

Denver‑based • Framework‑literate: SOC 2, ISO 27001, NIST, CIS, PCI DSS • Deliverables you can use

What you get

  • Policies in plain English
  • Control maps & ownership
  • Evidence packs & pre‑audit checks
  • Auditor/certifier hand‑off

About

Rocky Peak Assurance LLC is a boutique risk & compliance consultancy headquartered in Denver, Colorado. We help founders, COOs, CTOs, and GRC leaders implement practical controls, organise evidence, and glide through independent audits and certifications. We work quietly in the background so your team can focus on product and customers.

Note: We are not a CPA firm and do not provide public accounting services or legal advice. We prepare you for audits performed by independent CPA firms or accredited certification bodies.

Services

SOC 2 Readiness & Ongoing Compliance

  • Scope selection (Type I vs Type II), mapping to Trust Services Criteria
  • Evidence‑collection plan, gap remediation guidance
  • Pre‑audit check and auditor coordination

ISO 27001 Readiness

  • ISMS scoping and risk assessment methodology
  • Statement of Applicability (Annex A) mapping; policy set & control run‑book
  • Internal audit facilitation and certification‑body hand‑off

Vendor Risk Management (VRM) Setup

  • Tiering model, questionnaires, response‑review workflow
  • Lightweight process for Sales/Procurement with clear acceptance criteria

Policy Suite & Control Library

  • Plain‑English policies (security, privacy, continuity, access, change, incident, asset, backup, encryption)
  • Control catalogue mapped to SOC 2/ISO/NIST/PCI with ownership & evidence pointers

Business Continuity & Incident Exercises

  • Tabletop scenarios, RACI, comms templates
  • Post‑exercise action log

PCI DSS & HIPAA Readiness

  • Scope boundaries, control interpretation, evidence checklist
  • Assessor liaison and audit window support

How We Work

Weeks 0–1 · Discovery & Gap Map

Short workshops, current‑state snapshot, and a prioritised “Gap Map.”

Weeks 2–6 · 90‑Day Plan & Control Build

Right‑sized controls, policy set, and evidence plan that your team can actually run.

Weeks 7–12 · Evidence Pack & Pre‑Audit Check

Assemble artefacts, spot‑check samples, and rehearse walkthroughs.

Audit Window · Hand-off & On-Call Support

We brief your auditor/certifier and stay available for clarifications.

Sectors We Commonly Serve

SaaS & APIs · Professional Services · Healthtech vendors (non‑covered entities) · E‑commerce & Marketplaces · Data & Analytics

FAQs

Are you a CPA firm or certification body?
No. We’re an independent consultancy. We prepare you for audits and certifications conducted by third parties.
Can you work outside Colorado?
Yes. We’re remote‑first and support teams across the U.S.
Do you implement security tools?
We’re tool‑agnostic. We’ll align your existing stack and suggest options where helpful, but we don’t resell software.
How do fees work?
Fixed‑scope projects with clear deliverables. Larger programmes can be phased.

Contact

Email

[email protected]

We typically reply within one business day.

Address

Rocky Peak Assurance LLC
1500 North Grant Street, Suite North
Denver, CO 80203 USA

Meetings by appointment only.