
How Stacc passed their ISO27001 audit without disruption or paperwork

published February 5, 2023
  • Financial
  • Cloud
  • Europe
  • Enterprise
When Stacc applied for ISO27001 certification they were worried about disrupting their existing automation and losing the freedom to choose their processes and tools. They also wanted to avoid introducing gates and manual processes. By integrating Kosli they were able to prove compliance without adding any friction to their software delivery.
  • Challenges

    • How to get certified without adopting a rigid “off the shelf” process
    • How to avoid gates, checklists and change board meetings
    • How to pass an audit without manual evidence gathering
  • Solutions

    • Integration with all of their different processes and tools 
    • Automated evidence gathering in their pipelines and environments 
    • Provable compliance without paperwork, meetings or delays

Stacc

Location
Bergen, Norway
Industry
Cloud-based digital solutions for fintech
Profile
Founded 1981
FTE 190
Website
www.stacc.com

We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli.

Øyvind Fanebust, Partner @Stacc

We have a strong culture of autonomy across our teams and we wanted to keep that. The big question for us was - how can we keep doing DevOps in our teams and standardize compliance across them? Also, as a developer, the change management part of the ISO certification worried me. I thought it would mean meetings and checklists.

We started with a proof of concept in two teams with GitHub and Bitbucket. The teams chose the types of evidence that they wanted to record in Kosli - pull requests, code reviews, and so on.

When it comes to the change management part of the audit, all the auditor needs to know is that you have a process and that you’re following it. All we had to do was show them the Kosli dashboard. 

We were delivering our software according to our process, but until Kosli we didn’t have an easy way to prove we were compliant.

We could bring up any change and display the evidence that it had been through code review, had a deployment approval done by a certain person on a certain date, and that it was running in production. 

We didn’t spend any extra time gathering evidence manually because all of it had been recorded in Kosli. We were delivering software according to our process, but until Kosli we didn’t have an easy way to prove that we were compliant. 

When it came to the change management part of the ISO27001 audit we passed with flying colors.
