RDC.AI
March 2026
Eliminating Audit Duplication and Delivering Executive Visibility
RDC.AI, a global AI credit risk decisioning platform serving financial institutions, built its ISMS engine room with CyberHQ®, consolidating three assurance frameworks into one operating model and ending redundant audit cycles.
Assurance Demands Were Scaling Faster Than the Team Could Absorb
RDC.AI sits at the intersection of advanced analytics and financial services, supporting commercial lenders across multiple jurisdictions. That operating context carries a non-negotiable assurance obligation: customers need independent verification that controls are in place and functioning — not just once, but continuously.
Maintaining ISO 27001 certification alongside SOC 1 and SOC 2 Type 2 attestations is table stakes for the business. As RDC.AI expanded its operations and customer base, the volume of third-party assurance requests increased in parallel. The controls were established. The certifications were current. But the structure behind managing them had not kept pace.
The underlying issue: evidence that was largely consistent across frameworks was being retrieved, formatted, and presented from scratch with every new audit request. Each cycle added overhead without adding control maturity.
"We ended up answering questions from third-party assurance providers multiple times. It created extra work."
Dr Kevin Tham, CISO, RDC.AI
Why CyberHQ®
A Platform Built for How Security Actually Works
Dr Tham's requirement was precise. He was not looking for a compliance checkbox tool or a bolt-on reporting layer. He needed a platform that could operate as the central engine room for his ISMS, a tool that understood the full operational scope of running security in a regulated, multi-framework environment
The decision criteria centered on three things:
- Organise once, align everywhere: controls needed to map across ISO 27001, SOC 1, and SOC 2 Type 2 without being rebuilt for each framework or audit cycle.
- Evidence that travels: supporting documentation had to be maintained in a consistent environment and reused across requests, not retrieved and reformatted from scratch every time.
- A single source of truth for the board: executive reporting across different stakeholder audiences needed to draw from one dataset, not a manual compilation exercise before every meeting.
"What I actually required was something that I wouldn't call a GRC tool specifically. I needed something to run my information security management system — it's the engine room for my team to be able to understand all the various moving parts when it comes to security."
Dr Kevin Tham, CISO, RDC.AI
Solution
One Operating Model for Governance, Risk, and Assurance
CyberHQ® was implemented as the central platform for RDC.AI's ISMS. It is not an overlay on existing processes, but as the structure those processes now run within. Controls are organised once. Evidence is maintained in a consistent environment. Assurance obligations across ISO 27001, SOC 1, and SOC 2 Type 2 are managed from the same dataset.
Results
Key Outcomes
An operating model that scales with the business. As RDC.AI's assurance footprint grows, the structure behind managing it does not require proportional effort to maintain.
Eliminated Audit Duplication
Eliminated Audit Duplication
Controls and evidence are now structured for reuse across ISO certification, SOC attestations, and all third-party reviews. Each request draws from the same organised dataset.
Improved Security Posture Visibility
Improved Security Posture Visibility
Governance and risk are managed within one operating model, giving the CISO and leadership a clear, current view of capability across the organisation.
Streamlined Reporting
Streamlined Reporting
Reporting for different stakeholders including the board, auditors and third parties, is now generated from a single source of truth without rebuilding information for each audience.
Scalable Without Adding Headcount
Scalable Without Adding Headcount
As assurance demands increased with business growth, the operating model absorbed them without requiring proportional investment in additional team resources.
Looking Ahead
A Data Platform That Compounds in Value Over Time
As RDC.AI continues to scale across jurisdictions, the structured foundation within CyberHQ® positions the organisation to evolve its governance model without rebuilding it. With controls, risk data, and assurance evidence centralised, the platform grows more valuable as more context is added.
For organisations like RDC.AI, the compounding benefit is clear: every control added, every piece of evidence stored, every framework aligned makes the next audit cycle faster, the next board report sharper, and the next assurance request simpler to answer.
See CyberHQ® configured to your environment
Book a 30-minute interactive session to see how CyberHQ® integrates with your existing tools, frameworks and environment.
-1.png?width=500&height=112&name=avertro-white-logo%20(1)-1.png)