RDC.AI is a global AI credit risk decisioning platform supporting financial institutions with commercial and business lending decisions. Operating across multiple jurisdictions and serving highly regulated customers, the organisation sits at the intersection of advanced analytics, financial services, and strict assurance expectations.
For Dr Kevin Tham, Chief Information Security Officer at RDC.AI, cybersecurity is not just about compliance. It is about maintaining trust in an industry where scrutiny is constant and assurance is non-negotiable.
“Our customers need to know that we do what we say we do, and that there is a third party that actually provides this particular assurance as well.”
Maintaining ISO 27001 certification, SOC 1 and SOC 2 Type 2 attestations, and multiple third-party assurance programs is foundational to RDC.AI’s operating model. As the organisation expanded its operations and assurance footprint, the complexity behind demonstrating that capability increased.
The Challenge: Making Assurance Sustainable
As RDC.AI expanded its operations across jurisdictions, the demands of third-party assurance increased in parallel. Supporting financial institutions requires more than strong controls. It requires ongoing, independent verification across multiple frameworks.
As assurance requests increased, the effort required to respond began to accumulate. Much of the underlying evidence was consistent across frameworks, yet it was being retrieved, formatted, and presented repeatedly to meet different requirements. While the security controls themselves were established and maintained, the structure behind managing them lacked cohesion.
“We ended up answering questions from third-party assurance providers multiple times. It created extra work,” Dr Tham said.
RDC.AI had implemented the appropriate controls and maintained the certifications required by its customers. Over time, it became evident that the way assurance was organised needed to evolve alongside the organisation. Evidence was spread across frameworks and attestations that often overlapped, yet responses were being rebuilt with each request rather than systematically reused.
For a growing organisation, expanding headcount to absorb audit overhead would have addressed the immediate workload but not the underlying structure. Governance required a more disciplined approach, one that would allow assurance to be delivered consistently and efficiently as the business continued to scale.
The Solution: CyberHQ® as a Security Engine
To address the growing complexity behind assurance, RDC.AI implemented Avertro’s CyberHQ® as the central platform for managing its Information Security Management System (ISMS).
“What I actually required was something that I wouldn’t call a GRC tool specifically. I needed something to run my information security management system,” shared Dr Tham. “It’s the engine room for my team to be able to understand all the various moving parts when it comes to security. So I needed a tool that is all-encompassing to everything that I do within the organisation, but would also be able to apply to the various third-party assurance programs that I have ongoing as well.”
The platform provides a structured environment in which controls can be organised once and aligned across frameworks. Governance, risk, and resilience are managed within a single operating model, enabling assurance to be delivered consistently without duplicating effort across audit cycles.
Key use cases included:
- ISMS management: Operating the ISMS through a central platform that brings together governance, risk, and third-party assurance obligations.
- Cross-framework control alignment: Organising controls once and aligning them across ISO 27001, SOC 1, SOC 2 Type 2, and other ongoing assurance programs.
- Structured evidence management: Maintaining evidence in a consistent environment, enabling reuse across audit and third-party requests.
- Executive and board reporting: Generating structured reporting from a single dataset, tailored to different audiences without rebuilding responses for each request.
The Outcomes: Visibility and Structured Assurance at Scale
Since implementing CyberHQ®, RDC.AI has established a more structured and sustainable approach to managing governance and third-party assurance. Key outcomes include:
- Reduced duplication across assurance programs: Controls and evidence are structured for reuse across ISO certification, SOC attestations, and other third-party reviews.
- Improved visibility of security posture: Governance and risk are managed within a single operating model, providing a clearer view of capability across the organisation.
- Streamlined executive reporting: Structured data enables reporting drawn from a single source of truth to be adapted for different stakeholders.
- Greater internal clarity: The security team can understand and manage the various moving parts of security within one environment.
Dr Tham summarised the impact in a single word:
“Visibility”
A critical feature for RDC.AI was CyberHQ®’s structured reporting, derived from a single dataset and tailored to different audiences without rebuilding information for each request.
“There’s a lot of rich data in CyberHQ® that can be turned into reports that make sense for different audiences,” said Dr Tham.
Looking Ahead
As RDC.AI continues to grow, the structured foundation provided by CyberHQ® positions the organisation to evolve its governance model at the same pace. With controls, risk, and assurance data organised within a single environment, the organisation sees further opportunity in how that information can be leveraged over time.
“CyberHQ® is a data platform. We enrich it with as much security information and context as possible,” said Dr Tham. “It’s an amazing time saver when it comes to consuming and understanding contextualised controls within the organisation.”
Organisations like RDC.AI are redefining how security governance is structured, managed, and reported at scale with Avertro’s CyberHQ®. By centralising controls, aligning assurance obligations, and generating structured executive reporting from a single dataset, CyberHQ® enables security leaders to operate with clarity and consistency as their organisations grow.