ISO/IEC 27001:2022
Wentzel Investments LLC operates an Information Security Management System (ISMS) aligned to ISO/IEC 27001:2022. The ISMS scope is the LLC's managed information systems supporting the products in scope of the Wentzel Compliance Baseline.
ISMS scope statement
Wentzel Investments LLC managed information systems supporting the WCB in-scope products, operated from AWS account 660053610107 plus the wentzel-ai GitHub organization plus the wentzel.atlassian.net Atlassian cloud tenant. Centaris Health Inc. (OculiRX) operates a separate ISMS and is out of scope.
Annex A control families
The Statement of Applicability covers all 93 Annex A controls grouped into four themes. Each control is documented as Applicable / Not-Applicable / Partially-Applicable with justification and operating evidence.
| Theme | Annex A range | Status |
|---|---|---|
| Organizational | A.5.1 – A.5.37 (37 controls) | Aligned |
| People | A.6.1 – A.6.8 (8 controls) | Aligned (solo-operator with named trustee Glenda Nicole Ramsey + compensating controls) |
| Physical | A.7.1 – A.7.14 (14 controls) | Aligned (no Wentzel-operated office; remote-only operation) |
| Technological | A.8.1 – A.8.34 (34 controls) | Aligned |
Certification timing
Certification fires on first qualifying business event (first $50K MRR, enterprise customer demand, or cyber-insurer evidence requirement). Nominated certification body engagement: Prescient Assurance.