How Red Cup IT Achieved ISO 42001 Certification for AI Management With Insight Assurance

About Red Cup IT

Red Cup IT is a managed service, security, and compliance readiness provider headquartered in the United States. With a team of approximately 25 professionals, the company delivers end-to-end IT and cybersecurity solutions to a growing client portfolio — including a rising number of agentic AI companies building autonomous systems at the frontier of the industry.

Led by Founder and CEO Dan Le, Red Cup IT operates at the intersection of technology and compliance. Unlike traditional managed service providers, the company doesn’t just manage infrastructure — it helps clients architect compliant, secure environments from the ground up. That commitment is backed by Red Cup IT’s own compliance credentials: SOC 2 Type II, ISO 27001, and, as of 2024, ISO/IEC 42001 — the international standard for AI management systems.

The Challenge

As Red Cup IT’s client base expanded to include more agentic AI companies, Dan recognized that a basic allow/deny list for AI usage was no longer sufficient to govern how AI was being developed, deployed, and used across the organization.

“We wanted to fully understand the AI lifecycle from the user perspective and also the builder perspective. Which is why we wanted to build out a more full-blown AI program instead of just having a more basic allow list or deny list when it comes to AI.” — Dan Le, Founder and CEO, Red Cup IT

That meant pursuing a recognized AI governance standard. ISO/IEC 42001 provides organizations with a structured framework for managing AI responsibly — covering AI risk management, data privacy controls, and ongoing oversight of AI tools and model behavior. For companies that build, deploy, or serve AI-driven products, it’s the globally recognized benchmark for AI governance maturity.

After researching available frameworks, Red Cup IT landed on ISO 42001. With an existing ISO 27001 foundation already in place, Dan noted that “the lift to go from 27001 to 42001 wasn’t too major.” But the standard was new enough that no established audit playbook yet existed — and Red Cup IT would be among the first organizations in the world to pursue ISO 42001 certification.

The Solution

Red Cup IT had worked with Insight Assurance on their SOC 2 Type II and ISO 27001 engagements. When the time came to pursue ISO 42001 certification, Dan’s team returned to the same audit firm. That continuity mattered: working with a familiar partner meant less onboarding overhead and faster alignment — which, as Dan explained, “translated to time, bandwidth, and financial savings.”

This engagement was unlike any that had come before it. Insight Assurance was simultaneously pursuing accreditation for the ISO 42001 standard, and Red Cup IT participated as a pilot client — with a representative from the regulatory accreditation body observing audit calls directly in real time.

Temitayo Oloruntoba, Red Cup IT’s Information Security Manager, led the implementation on their side. She described the preparation process:

“They shared the training with me — the PCB training — I did the training, I wrote the exam, and then I did the implementation in-house.” — Temitayo Oloruntoba, Information Security Manager, Red Cup IT

The audit itself was more intensive than previous engagements. Rather than asynchronous evidence review through a compliance platform, the ISO 42001 audit required extended live sessions with the accreditation body present.

“We had longer audit calls. We had to be sharing evidence on screen and discussing with the auditor.” — Temitayo Oloruntoba

Real-time communication remained a cornerstone of the process throughout.

“Our team is very Slack-based. The fact that we can communicate in real time — and have different folks from our team engage with your team in terms of sanity checks and alignment before the external audit — helped a lot.” — Dan Le

The Results

First-Mover Advantage in the MSP Market

Red Cup IT earned ISO 42001 certification — placing them among what Dan described as “probably the only or few in the world of MSPs” to hold this credential. For a managed service provider serving agentic AI clients, ISO 42001 certification provides a concrete, third-party-validated signal of AI governance maturity. Dan speaks openly about this distinction in client-facing conversations, and Temitayo noted that the certification consistently surfaces when prospects first learn about it.

Stronger AI Risk Management and Internal Controls

The ISO 42001 certification process produced tangible governance infrastructure.

“The program gave us the awareness and the policies — and then the enforcement teeth around it — using ISO 42001 to implement hard controls in our company.” — Dan Le

That included rolling out Nudge Security and Island Browser to enforce AI usage policies at the system level, maintaining an active AI tool inventory, and establishing a formal process for evaluating new SaaS tools before onboarding them. Temitayo described the day-to-day impact: “It has helped inform our users about the acceptable ways that they can use AI and the ways that they can’t. If I see anything, it’s easier for us to flag it and say, you shouldn’t be doing this, or you need to do this training.”

A Direct Impact on Business Development

The commercial impact was clear and immediate. As Dan put it: “It helps with closing contracts with agentic AI companies. And now we have quite a few of them as customers.” Red Cup IT clients beginning their own compliance journeys have also independently engaged Insight Assurance for audit services — extending the value of the partnership beyond Red Cup IT itself.

An Ongoing Relationship Built on Trust

Dan rated the overall experience a 10 out of 10, describing the engagement as one that never felt transactional. “We’re really big advocates of Insight here,” he said. Red Cup IT is now in their second year of ISO 27001 and ISO 42001 surveillance with Insight Assurance, with scheduling flexibility and responsive communication remaining consistent strengths of the partnership.

Ready for Stress-Free Compliance?

Whether you’re building out your first AI governance framework or expanding an existing compliance program, our team of former Big 4 auditors brings the same level of expertise and care to every engagement.
