Axiom GRC Expands Into Canada With Acquisition of MHM

Key Takeaways

• Axiom GRC Expands Into Canada: The acquisition of Calgary-based MHM marks Axiom GRC's first entry into the Canadian market and further extends its North American presence.
• Cybersecurity Assurance Capabilities Strengthened: MHM adds expertise in SOC 1, SOC 2, ISO 27001, and ISO 42001 assurance services, enhancing Axiom's cybersecurity and compliance offerings.
• North American Growth Strategy Continues: The transaction follows Axiom's acquisitions of IS Partners in 2025 and AssurancePoint in 2026, reflecting a broader effort to build a regional GRC assurance platform.
• AI Governance Expertise Added: MHM was the first Canadian organization accredited to deliver ISO 42001, bringing specialized capabilities in the emerging field of AI governance assurance.
• Consolidation Continues Across GRC Markets: The deal underscores growing demand for integrated technology, advisory, and assurance services as organizations seek stronger evidence of compliance, security, and governance effectiveness.

Deep Dive

Axiom GRC has made its first move into Canada, acquiring Calgary-based assurance firm MHM as it continues a steady expansion across North America. The deal brings a specialized cybersecurity assurance practice into Axiom's portfolio and extends the company's reach into a market where demand for independent compliance attestations, cybersecurity audits, and AI governance certifications has been growing rapidly.

Founded in 2020, MHM built its business around helping organizations demonstrate compliance with frameworks such as SOC 1, SOC 2, ISO 27001, and ISO 42001. While still a relatively young firm, it established a presence among small and mid-sized organizations across Canada and the United States seeking assurance services tied to cybersecurity and risk management programs.

The firm also became the first Canadian organization accredited to deliver ISO 42001, the international management system standard focused on artificial intelligence governance. For Axiom, the acquisition adds more than another office location. It adds a foothold in a market the company had not previously entered and deepens a North American assurance business that has taken shape through a series of acquisitions over the past two years.

Building a North American Assurance Platform

MHM will operate alongside IS Partners, the Pennsylvania-based IT compliance and risk advisory firm Axiom acquired in 2025. Together, the firms will expand Axiom's capabilities across SOC reporting, ISO certification services, cybersecurity risk assessments, and broader compliance assurance work.

The transaction follows Axiom's acquisition of AssurancePoint in January 2026 and represents the seventh acquisition completed since the company received backing from Inflexion. That sequence matters because it reveals the shape of Axiom's strategy. Rather than treating governance, risk, compliance, and assurance as separate disciplines, the company has been assembling a platform that combines technology, advisory services, training, and independent assurance under one umbrella.

Today, Axiom says it serves approximately 30,000 clients globally through businesses spanning health and safety, environmental compliance, employment law, cybersecurity, enterprise risk management, e-learning, and supply chain compliance.

"MHM provides meaningful scale to Axiom's North American presence in the GRC assurance market and creates real opportunity to accelerate growth across Canada and wider North America market," Chief Executive Officer Alex Dacre said in a statement.

He added that the acquisition brings an experienced team of specialists into the organization as Axiom continues building what it describes as a leading North American GRC assurance platform.

A Market Moving Beyond Compliance Checklists

The timing of the acquisition is notable. Assurance services tied to cybersecurity have evolved well beyond traditional compliance exercises. Customers increasingly want independent validation of security controls, risk management practices, and governance frameworks, particularly as regulators, enterprise buyers, and business partners place greater emphasis on demonstrable assurance.

The emergence of standards such as ISO 42001 has added another dimension to that market. Organizations experimenting with artificial intelligence are beginning to face questions that look familiar to anyone who has spent time in cybersecurity or privacy compliance: How are systems governed? Who is accountable? What evidence exists that controls are operating as intended?

Those questions create demand for the kind of advisory and attestation work firms such as MHM provide. For MHM founder Mark Mandel, joining a larger organization was as much about expanding capabilities as expanding geography.

"Becoming part of Axiom GRC and joining the IS Partners team gives us the opportunity to expand the services we can offer our customers and broaden our reach into global markets," Mandel said.

He cited shared values around quality and technical expertise as key factors behind the decision to join the group.

Consolidation Continues Across the GRC Sector

Organizations increasingly want integrated solutions rather than a collection of disconnected products, consultants, auditors, and training providers. That demand has fueled consolidation across the sector as firms seek to combine software platforms with specialist expertise and assurance capabilities.

Axiom's latest acquisition does not dramatically alter the competitive landscape on its own. What it does reveal is where the company believes growth will come from: not only through technology, but through the ability to help organizations prove that their controls, governance structures, and compliance programs actually work.

That proposition is becoming more valuable as assurance moves from a periodic requirement to a year-round expectation.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.