Case study · FinTech

ISO 27001 and SOC 2 in seven months

CyPro-led compliance took Pactio from standing start to dual certification while reducing overall cyber risk.

Client

Pactio

Pactio logo

Outcome

ISO 27001 and SOC 2 achieved within 7 months

The challenge

For a high-growth FinTech, security certifications are not a nice-to-have. Enterprise customers and investors expect ISO 27001 and SOC 2 as table stakes, and every month without them slows deals down. Pactio needed both, quickly, without derailing the product roadmap or burying a small team in bureaucracy.

What we did

A dedicated CyPro security lead took ownership of the compliance programme end to end: scoping the information security management system, prioritising the controls that genuinely reduce risk rather than just satisfy auditors, and driving the evidence gathering week by week. Because the same person owned both frameworks, overlapping requirements were done once, not twice.

The outcome

Pactio achieved ISO 27001 and SOC 2 within seven months. Just as importantly, the controls implemented along the way measurably reduced the company’s overall cyber risk, so the certificates reflect genuine security rather than paperwork.

"Within 7 months Pactio achieved both ISO and SOC2 compliance, as well as reduced overall cyber risk."
Sophie Fallen , Operations Lead, Pactio
3D rocket illustration for booking a free MDR discovery call

Take the first step

Put a 24/7 SOC behind your business

Book a free 45 minute discovery call to talk through your environment and see exactly how managed detection and response would work for your business. No obligation, no hard sell.