Services
Persoft designs and operates compliant platforms with SRE discipline: from ISO 27001 / SOC 2 readiness through day‑to‑day operations, focused on predictable outcomes and cost.
What we offer
End-to-end services for compliance, security, and platform engineering.
ISO 27001 readiness
Design and implement your ISMS aligned with ISO 27001:2022, including risk register, Statement of Applicability and audit-ready documentation.
SOC 2 Type I/II
From initial readiness to attestation, we help you design controls, automate evidence collection and work effectively with auditors.
DevOps & platform engineering
Build and operate secure delivery platforms for regulated environments with infrastructure as code, observability and SRE practices.
Secure SDLC & AppSec
Threat modeling, secure coding practices, CI/CD hardening and integration of application security tooling into developer workflows.
vCISO & GRC
Fractional security leadership, governance and risk management with integration to Jira, Confluence, Vanta, Drata and Tugboat.
Defense & regulated industries
Support for defense and highly regulated customers, including CMMC, NIST SP 800-53 / 800-171 and export-controlled workloads.
Our method
A proven approach to deliver predictable compliance and SRE outcomes.
Deliverables typically include a risk register, Statement of Applicability (SoA), policies, runbooks, diagrams and audit-ready evidence packs.
How engagements work
We structure work into clear phases so scope and commercial terms stay predictable.
Discovery & assessment
Short, fixed-scope effort to map your current controls, risks and reliability posture.
Implementation
Time-boxed projects to deliver agreed controls, SRE improvements and documentation.
Operate & improve
Optional ongoing support for SRE, compliance operations and audit preparation.
Months
Typical first certification timeline
Pricing
Clear deliverables and costs upfront
Fintech & Defense
Teams under strict regulatory scrutiny
Engagement styles
Retainers, projects, or embedded teams
Not sure where to start?
Share your current situation and requirements and we'll outline a pragmatic engagement with clear phases, deliverables and pricing.