Case study · FinTech

Dual certification at FinTech speed

CyPro carried Pactio from a standing start to ISO 27001 and SOC 2, with the controls doing real security work along the way.

Client

Pactio

Pactio logo

Outcome

ISO 27001 and SOC 2 both landed inside seven months

The situation

Pactio sells into a market where the security questionnaire arrives before the contract does. Without ISO 27001 and SOC 2, enterprise deals stall and investor due diligence drags; with a small team shipping product at pace, nobody had capacity to run two certification programmes side by side, and hiring for it would have taken longer than the certifications themselves.

How the CyPro team approached it

One CyPro practitioner owned the whole programme, and treated the two frameworks as one body of work: where ISO 27001 and SOC 2 ask overlapping questions, the evidence was produced once and mapped to both. Control selection was ruthless about substance, favouring the measures that genuinely cut risk for a cloud-native FinTech over checkbox exercises, and the evidence trail was built into the team’s normal working week instead of a pre-audit scramble.

What changed

Seven months after starting from scratch, Pactio held both certificates. The company’s measured cyber risk fell over the same period, which is the point most compliance projects miss: the audits were passed by becoming more secure, not by producing paperwork that says so.

"Within 7 months Pactio achieved both ISO and SOC2 compliance, as well as reduced overall cyber risk."
Sophie Fallen , Operations Lead, Pactio
3D rocket illustration for booking a free MDR discovery call

Take the first step

Put a 24/7 SOC behind your business

Book a free 45 minute discovery call to talk through your environment and see exactly how managed detection and response would work for your business. No obligation, no hard sell.