Est. 2019 · Independent practice
Evidence,
not assurance
theatre.
Ryker Audit is a small, senior team performing cybersecurity and controls assurance for companies that take their attestations seriously. We write the report a regulator would write.

FrameworksSOC 2 Type IIISO/IEC 27001HIPAAPCI DSS 4.0NIST CSFHITRUST
§ 01 — Method
The audit is not a checklist. It is a narrative — a careful reading of how a system actually behaves under stress, scrutiny, and time. Our reports are written to be read, not merely filed.
01
Scope
We agree on what is in and out of scope in writing, before fieldwork begins.
02
Evidence
Controls are tested against live artifacts — not screenshots, not assertions.
03
Report
A written attestation defensible to your board, auditor, and customers.
§ 02 — Services
Eight engagements,
performed seriously.
- 01SOC 2 Type IITrust Services Criteria audits with continuous evidence collection across the observation window.→
- 02ISO/IEC 27001Stage 1 readiness, Stage 2 certification, and surveillance audits aligned to Annex A controls.→
- 03HIPAA & HITRUSTSecurity Rule assessments for covered entities and business associates handling PHI.→
- 04PCI DSS 4.0Self-assessment guidance and Report on Compliance support for merchants and service providers.→
“They asked harder questions than our previous auditor and produced a report our board actually read end to end. The findings were specific enough that we could fix them on Monday.”
Head of Security
Series C fintech, 2024 engagement
§ 03 — Begin