Nordsec: From client pressure to ISO 27001 audit-ready in one week

  • Timeline: 7 days
  • Team size: 21 to 50
  • Standards: ISO 27001
  • Result: Audit-ready in 7 days

"We moved from client pressure to audit-ready in one week, with a clear path from kickoff to certificate."
Milica Petronijević, Nordsec

Client context

Nordsec is a growing cybersecurity SaaS company selling into mid-market and enterprise accounts. Their pipeline was strong, but security questionnaires and procurement reviews started stalling late-stage deals. Buyers wanted evidence of a mature information security management system, not just policy docs.

Challenge

The team had good technical controls but lacked a certification-ready structure:

  • Policies existed in different tools and formats
  • Risk treatment decisions were not centrally documented
  • Asset ownership and evidence trails were inconsistent
  • Leadership needed a fast path that would not interrupt product release timelines

They needed a practical ISO 27001 implementation that could move quickly from planning to audit readiness.

What we implemented

  • Scoped the ISMS around production systems, customer data workflows, and support operations
  • Mapped Annex A control ownership across engineering, product, and operations
  • Consolidated policies into a single ISO 27001-aligned document set
  • Built an evidence checklist by control with clear owners and deadlines
  • Ran audit-prep sessions for leadership and control owners
  • Supported final review responses before the certification stage

Timeline

  • Day 1: Kickoff, scope confirmation, gap map, owner assignment
  • Day 2-3: Policy consolidation, risk register and treatment plan alignment
  • Day 4-5: Control evidence collection and internal readiness checks
  • Day 6: Pre-audit workshop and corrective adjustments
  • Day 7: Final audit-readiness review and submission package

Outcome

Within one week, Nordsec moved from reactive client-pressure mode to a structured ISO 27001-ready operating model.

  • Audit-ready documentation and evidence package delivered in 7 days
  • Security and procurement conversations became faster and more predictable
  • Teams gained role clarity for ongoing compliance ownership
  • Leadership got a repeatable system they could maintain post-certification

Next move

If your sales cycle is blocked by security reviews, a focused ISO 27001 sprint can create momentum fast. The key is not only speed, but clear ownership, practical evidence workflows, and confident audit preparation.