Making ISO/IEC 27001 Compliance a Reality for Startups

How Pyne gained credibility and scaled through strategic compliance.

Based in Berlin, Germany, Pyne is a B2B SaaS startup dedicated to making software effortless to navigate. By leveraging AI-driven product demos, Pyne enables users to experience a product’s value earlier, more easily, and at scale.

  • ISO/IEC 27001

Challenge

Driven by client deadlines and the knowledge that ISO/IEC 27001 would help Pyne win larger deals, the team started on their ISO/IEC 27001 journey.

The initial conversations in early 2024 involved Pyne evaluating the challenges involved with ISO/IEC 27001. As a startup and small team, they were conscious of the time investment and capacity constraints. This ultimately led Pyne to pause the process until late 2024.

The first audit firm Pyne spoke to was “quite traditional in their audit process. They needed people present in the office, which required extra travel costs, as they were based in Munich and we are in Berlin. As a startup, we wondered if this was justifiable and started researching auditors in Berlin,” says Roman Geugelin, founder at Pyne.

Pyne was introduced to Sensiba through Secfix, Pyne’s compliance automation platform. What stood out from the beginning was Sensiba’s modern and fully remote approach to audits.

“For our customers using our onboarding agents, security is super important. Sensiba helped us achieve the ISO/IEC certification our customers required easily and fast.”

Roman Geugelin, Founder, Pyne

Solution

Initial discussions in late November 2024 clarified that Pyne needed to obtain ISO/IEC 27001 certification by the end of January 2025 to meet a client deadline. Internal prioritization was not a concern for the Pyne team. However, as this was their first time going through the process, they lacked clarity on external timelines. While they were fully prepared to contribute all necessary efforts on their side, they required a reliable partner to plan and execute the process effectively.

Sensiba rose to this challenge and outlined a timeline from the kick-off to certification, helping reassure Pyne that this was achievable. From here, the kick-off call was held, and the audit process began.

While time zone challenges were an initial concern, Geugelin noted that the time difference ultimately worked in Pyne's favor throughout the process. Pyne was able to upload evidence, have Sensiba review it overnight, and then come back the next day to review any queries. This also helped the team plan the ISO/IEC 27001 audit alongside other priorities.

Result

The biggest benefit of achieving ISO/IEC 27001 has been setting up the Pyne Trust Center. This enables the team to have all security certifications in one place, ready to demonstrate their commitment to security at any moment. Geugelin also noted how much time filling out security questionnaires takes and how having ISO/IEC 27001 certification will help speed up this process.

Now that Pyne has their ISO/IEC 27001 certification, they are working toward continuous compliance and continuing to grow and evolve their product and business.
