27kay

Compliance that makes sense.

Boutique information security consulting for startups and small companies that want more than a certificate on the wall.

Let's talk →

What we do

ISO 27001 Certification

From initial assessment to successful audit - no unnecessary bureaucracy, just processes that actually work.

SOC 2 Compliance

SOC 2 audit preparation tailored to your business reality - from scoping to a successful report.

Virtual CISO (vCISO)

Strategic security leadership from an experienced professional - without hiring a full-time executive.

GDPR Compliance

Practical GDPR compliance for your business - from assessing where you stand to implementing processes that actually work.

ISO 27001 Internal Audit

We conduct ISO 27001 internal audits - identifying nonconformities and preparing your organization for a successful certification audit.

Why us

No templates

Every project is different. The processes are yours, not copied from a textbook.

No disappearing

We stay after the audit. The certificate is the beginning, not the end.

No jargon

We speak plain language. If something isn't clear - we haven't explained it well enough.

From the blog

All articles →

ISO 27001 Clause 8.3: Risk Treatment

Clause 8.3 requires you to implement your risk treatment plan and retain evidence. How to track control implementation and what auditors expect to see.

September 16, 2024

ISO 27001 Clause 8.2: Risk Assessment

Clause 8.2 requires you to perform risk assessments at planned intervals and when changes occur. How to run them, what to document, and what auditors expect.

September 10, 2024

ISO 27001 Amendment 1: Climate Change

ISO 27001:2022 Amendment 1 adds climate change to organizational context. What actually changed, what you need to do, and why it matters less than you think.

March 5, 2024

We work with

PECB Vanta eramba

Not sure where to start?

Let's start with a conversation - no commitment, no jargon. Even if we're not the right fit, we'll point you in the right direction.

Book a free consultation →