Kantis resources
Customer proof

How Centinel Analytica reached ISO 27001 in under two months, with 15-20 hours from the team

Centinel Analytica, a German startup that tells genuine users apart from bots, AI agents, and stealth crawlers, started losing time to enterprise security reviews. Kantis turned its existing security setup into audit-ready ISO 27001 proof and GDPR readiness — without pulling engineers off product.

See how fast your own ISO 27001 path could be. No commitment.

Results at a glance

  • ISO 27001 certified in under two months from kickoff.
  • 15-20 hours total from the Centinel team across the whole process.
  • GDPR readiness completed alongside certification for customer and procurement conversations.
  • Certificate issued by a UKAS-accredited certification body; Kantis ran readiness, internal audit, evidence, and coordination.
  • Engineers stayed on product — no six-month compliance project.

The customer

Centinel Analytica is a German startup that helps organisations tell genuine users apart from bots, AI agents, stealth crawlers, and other automated traffic.

That puts Centinel in a trust-sensitive category. Customers are not only buying software; they rely on Centinel to support decisions about real users, suspicious traffic, and security-relevant signals. For a company whose product is trust, its own security posture is a commercial requirement, not a nice-to-have.

The trigger: customers started asking for ISO 27001 and SOC 2

The trigger was direct customer pressure. Centinel's enterprise customers began asking for ISO 27001 and SOC 2, which meant security proof was becoming part of sales and procurement conversations — the same "prove you're secure before we buy" moment that stalls deals for so many B2B and AI startups.

For Centinel, ISO 27001 was not about a badge. It was about showing that its information security management system, risk work, policies, evidence, and operating controls could stand up to independent review — quickly, and without derailing the roadmap.

The challenge: prove trust without a six-month project

Centinel already had a technically mature baseline. The team had strong engineering practices and the right security instincts, but those practices still needed to be translated into audit-ready evidence.

The risk was time. A lean technical team cannot afford a six-month compliance project that pulls engineers away from product work. The goal was to make the process credible, but keep the team focused on the few inputs only they could provide.

The Kantis approach to ISO 27001 for a lean technical team

Kantis supported Centinel through the ISO 27001 path by:

  1. Running the internal audit work.
  2. Mapping existing security and engineering practices into audit evidence.
  3. Preparing policies, risk material, and operating records around how Centinel actually worked.
  4. Coordinating with the UKAS-accredited certification body.
  5. Keeping open questions focused so engineers did not need to manage the compliance process themselves.
  6. Completing GDPR readiness and check work for customer and procurement conversations.
  7. Helping package the outcome into Centinel's customer-facing Trust Portal.

Kantis did not audit, certify, or issue the ISO 27001 certificate. The certificate was issued by a UKAS-accredited certification body. Kantis supported readiness, internal audit work, evidence preparation, coordination, GDPR readiness checks, and customer-facing proof materials.

The result: ISO 27001 in under two months, 15-20 hours of team time

Centinel Analytica reached ISO 27001 certification in under two months.

The practical outcome was the important part: Centinel's engineers spent approximately 15-20 hours total on the whole process. Kantis absorbed the internal audit, evidence mapping, and auditor coordination, while the Centinel team stayed focused on product.

Kantis also completed GDPR readiness and check work, giving Centinel a clearer package for customer and procurement conversations alongside the ISO 27001 certificate and Trust Portal.

"The trigger was simple: our customers started asking for ISO 27001 and SOC 2. We help companies tell genuine users apart from bots and AI agents, so proving our own security posture isn't optional – it's part of the product promise. What we didn't want was a six-month project that pulled the team off building. Working with Kantis, it didn't feel like that. Misha did our internal audit, handled the auditor coordination, and helped us turn what we already had into proper evidence. Our engineers spent somewhere around 15 hours total, and we were ISO 27001 certified in about two months. For an early team, that's exactly how this should go."

Simeon Räthel, Co-founder & CEO, Centinel Analytica

What this proves

Centinel shows the kind of ISO 27001 path that works for a small, technical team:

  • start with a real customer requirement
  • map existing security practices before inventing new process
  • turn engineering reality into evidence the auditor can review
  • keep founder and engineering time protected
  • package the result into proof customers can actually use

It also shows why ISO 27001 and GDPR readiness often belong together for European startups. One gives independent certification of the information security management system. The other helps answer privacy and data-handling questions that appear in the same customer and procurement conversations.

What founders should take from this

If your customers are starting to ask for ISO 27001 or SOC 2, the best time to start is before procurement blocks a deal. You may already have many of the right controls in place; the missing piece is usually evidence, structure, and a credible audit route.

For early teams, the goal is not to build a compliance department. It is to prove trust in a way that lets the team keep building — the way Centinel did in under two months, with 15-20 hours of its own time.

Get the same path for your startup

Centinel started with a free ISO 27001 gap assessment: a short, no-commitment call that maps where you are today, what would actually block certification, and how fast you could realistically get there.

If enterprise customers are starting to ask you for ISO 27001, SOC 2, or a trust page, that call is the cheapest way to find out whether you are weeks or months away.

Book a free ISO 27001 gap assessment

See how fast your own ISO 27001 path could be. No commitment.

Frequently asked questions

Was Centinel Analytica certified by Kantis? +

No. Kantis supported readiness, evidence preparation, internal audit work, and auditor coordination. The ISO 27001 certificate was issued by a UKAS-accredited certification body.

How long did ISO 27001 take? +

Centinel Analytica reached ISO 27001 certification in under two months.

How much time did the Centinel team spend? +

The team spent approximately 15-20 hours total on the process, with Kantis handling internal audit work, evidence mapping, and auditor coordination.

Was GDPR part of Centinel's completed trust work? +

GDPR is not a certification in the same way ISO 27001 is. Kantis completed GDPR readiness and check work to support customer and procurement conversations.

What about SOC 2? +

Customers were asking about ISO 27001 and SOC 2. This case study covers the completed ISO 27001 path and GDPR readiness checks; SOC 2 is a separate trust path Kantis also supports.

How much does ISO 27001 cost for a startup? +

Cost depends on scope, team size, and auditor. Kantis publishes a startup-focused ISO 27001 cost breakdown, and offers a free gap assessment to estimate your own timeline and budget before you commit.

We use optional analytics cookies to understand what is working and improve Kantis. Vercel Analytics gives us cookieless aggregate traffic stats, while PostHog only runs if you accept. Privacy Policy