Moonlight helps companies, entrepreneurs, and businesses of every kind build information security and AI management systems that actually work — not just for the auditor, but for the business.
Every engagement is designed around a real outcome — a certification, a working system, or ongoing compliance confidence.
Build a compliant AI Management System from scratch — policies, risk assessment, controls, and audit preparation aligned with ISO 42001 and EU AI Act.
Structured information security risk assessment following ISO 27005 — risk register, treatment plan, and evidence-ready documentation your auditor will accept.
Ongoing monthly support — ISMS or AIMS management, compliance monitoring, incident response, surveillance audit preparation. Your security leader, without the full-time cost.
Full-cycle implementation: documentation, process design, team training, internal audit, and Stage 1 + Stage 2 certification support.
Understand where you are vs. where you need to be. Detailed findings report, prioritized roadmap, and a clear picture of what certification will actually take.
4–8 hour online sessions: "What is ISO 27001 and how to live with it", "ISO 42001 & EU AI Act for your team", or "Preparing for internal audit". Practical and human.
Most consultants specialize in one or the other. Moonlight covers both — and understands how they interact, which matters as EU AI Act compliance overlaps directly with your ISMS.
The deliverables are built to be used — by your team, by your auditor, by your next client. Not documents that sit in a folder and do nothing.
No junior handoffs. Every project is run personally by a senior practitioner. You get senior-level expertise throughout — not just at kickoff.
Designed for teams across time zones. Clear written communication, no unnecessary meetings, documented decisions. Works whether you're in Amsterdam or Austin.
Help organizations build genuinely working ISMS and AI management systems — not just for the auditor, but for real business protection and growth.
"We go from zero to certificate together. And we make the system live, not just paperwork."
Primary focus on high-value markets where ISO 27001 and ISO 42001 demand is growing fastest.
Largest market. Strong demand from SaaS and fintech companies preparing for enterprise sales or Series A/B due diligence.
Strong fintech and SaaS ecosystem. Growing compliance awareness across Ontario and BC tech corridors.
Rising ISO 42001 adoption. Healthtech sector with strong compliance culture and growing AI governance requirements.
EU AI Act compliance urgency. Dense fintech cluster in Amsterdam with high compliance maturity and EU regulatory pressure.
From first contact to signed certificate — every step is documented and communicated in writing.
We map your current state, business context, and certification goals. No calls required — async intake form works perfectly.
Full assessment vs. the standard. You get a prioritized findings report and implementation roadmap with realistic timelines.
Documentation, process design, and team training. Milestones tracked weekly. You always know what's done and what's next.
Internal audit, evidence review, mock assessment. Then we support you through Stage 1 and Stage 2 with the certification body.
Every engagement is scoped and quoted up front, so you always know exactly what's included before we start.
Understand exactly where you stand vs. ISO 27001 or ISO 42001, what it'll take to get there, and in what order.
Your ongoing security and AI governance partner. Everything you'd want from a CISO — without the full-time cost or overhead.
Complete ISMS or AIMS implementation — from gap analysis through certification. Everything included.
Taking on 2–3 founding clients at a reduced rate, in exchange for a written testimonial and permission to share an anonymized case study. Same work, same deliverables.
Moonlight is an independent GRC practice founded by Kateryna Basenko — with ISO 27001, ISO 27005, and ISO 42001 expertise, serving clients internationally.
The practice is built around one principle: quality over speed. We take one new client at a time, which means every engagement gets full attention. We don't pass projects to juniors, don't use boilerplate that doesn't fit, and don't disappear after handing over documents.
We work completely async — no standing calls, no unnecessary meetings. Communication is written, decisions are documented, and you always know what's happening and why.
If you understand why you need an ISMS or AIMS (not just "because an enterprise client asked"), have a realistic budget and timeline, and have someone on your side who owns the project — we'd love to talk.
Better to do less, but do it right. We never deliver unfinished work.
If we take a project, we see it through. Our success equals your certificate.
If something is outside scope or timelines are unrealistic — we say so before signing, not after.
Standards evolve — we stay current. ISO 42001 Lead Auditor certification in progress for 2026.
Tell us where you are, what standard you're targeting, and your timeline. We'll get back to you within 48 hours — in writing.
Response within 48 hours · Fully async · No calls required to get started