Compliance &legal notices

Thorium DC, LLC delivers technology strategy, secure engineering, and compliance-readiness services for organizations in regulated and risk-sensitive sectors, including federal contractors, healthcare, financial services, and critical infrastructure suppliers operating in or around Washington, DC.

Our work may align to NIST CSF, NIST SP 800-171, CMMC, SOC 2 readiness, HIPAA security rule support, FedRAMP preparation, and related frameworks. We provide gap assessments, remediation planning, control implementation support, and evidence preparation assistance. We are not a C3PAO, SOC 2 auditor, FedRAMP 3PAO, law firm, or CPA firm. We cannot certify, authorize, or attest on your behalf. Assessment results depend on your environment, scope, timing, and the independent assessors you engage.

Clients retain ownership of security posture, operational controls, incident response, and regulatory relationships. We do not guarantee pass rates, contract awards, insurance approvals, or absence of findings. Liability and deliverables for paid work are defined only in executed statements of work or master services agreements, including limitation-of-liability and indemnification terms where applicable.

Thorium is an independent commercial vendor. Unless stated in a signed contract, we are not affiliated with, endorsed by, or acting for the U.S. Government, Department of Defense, GSA, or any agency. References to federal frameworks describe alignment support, not government approval.

Website content, proposals, and informal discussions are not legal, tax, insurance, or formal audit opinions. Engage qualified counsel and licensed auditors for binding guidance. When we coordinate with your legal or audit teams, we act as a technology vendor under your direction.