Case study

How we helped AirSuite prepare for SOC 2 and ISO 27001 readiness

Updated: April 06, 2026

The organization

AirSuite Inc. is an aviation software company based in Thunder Bay, Ont. The company is known for its flagship product Cirro, which supports end-to-end safety and operational efficiency as well as compliance for aviation businesses.

The challenge

As AirSuite continued to scale its SaaS platform and expand its customer base, clients wanted the company to demonstrate strong information security, availability, and operational controls. 

To support growth and meet customer assurance expectations, AirSuite needed to: 

  • Prepare for a SOC 2 Type II examination across multiple trust services criteria. 
  • Establish an ISO 27001-aligned information security management framework.
  • Co-ordinate efforts across multiple assurance standards while maintaining delivery timelines and minimal disruption to operations. 

AirSuite was looking for a partner that could provide structured readiness support, practical remediation guidance, and seamless co-ordination across assurance and certification activities.

The solution

AirSuite engaged us to deliver a phase-based, integrated assurance readiness program, which was created by collaborating with the firm’s global network.

Our Third Party Assurance (TPA) team led the SOC 2 readiness and reporting journey. It included: 

  • Conducting a SOC 2 readiness assessment covering security, availability, confidentiality, and processing integrity. 
  • Providing support with system description, control design, and remediation planning. 
  • Executing the SOC 2 Type II engagement, covering both SaaS and supporting infrastructure.

In parallel, our Cybersecurity team performed an ISO 27001:2022 ISMS scope and current state assessment, including: 

  • An assessment of administrative, technical, and physical controls. 
  • The development of a statement of applicability (SoA). 
  • The identification of gaps and prioritized remediation recommendations. 

To complete the certification lifecycle, BDO USA was engaged to perform the ISO 27001 certification audit, ensuring independence and alignment with certification requirements. 

Throughout the engagement, our teams worked closely with AirSuite stakeholders using a co-ordinated project plan, shared tools, and clear accountability across working teams. 

The outcome and benefits

The engagement resulted in a highly successful recognition of AirSuite’s control environment and security posture. As a result, the company: 

  • Successfully completed its SOC 2 Type II reporting. 
  • Had a clearly defined and operational ISO 27001-aligned ISMS.
  • Showed improved consistency between SOC 2 and ISO control frameworks, reducing duplication and audit fatigue. 
  • Experienced increased confidence from customers, partners, and stakeholders in AirSuite’s security and governance practices. 

By leveraging our integrated assurance and cybersecurity capabilities, AirSuite was able to efficiently move from readiness to certification while building a scalable foundation to support future growth.