ISO 27001 & SOC 2, built to last beyond audit
27kay helps SaaS companies design, certify, and operate information security programs that scale with the business. We cover the full compliance lifecycle: scoping, gap assessment, ISMS implementation, internal audit, certification support, and ongoing vCISO operation.
Core service areas:
- ISO/IEC 27001:2022 certification and ongoing maintenance
- SOC 2 Type I and Type II readiness and audit support
- Virtual CISO (vCISO) engagements, sized to stage and budget
- Internal audit, risk assessment, and Statement of Applicability development
Our team brings over 22 years of practitioner experience in information security across telecom, cloud SaaS, and regulated industries, and active engagement in real-world ISMS operations alongside the consulting practice.
We typically work with two types of clients: founders and security leaders preparing for their first ISO 27001 or SOC 2 certification, often to unlock enterprise contracts; and mature security teams who want their ISMS to keep producing value year after year. Engagements are scoped to your stage, your tooling, and your audit calendar.
Headquartered in Estonia (27kay OÜ), with EU and international delivery.
- Min project size: $5,000+
- Hourly rate: $100 - $149 / hr
- Employees: 2 - 9
- Locations: Tallinn, Estonia
- Year founded: 2023
2 Locations
- Tallinn, Estonia
- Sofia, Bulgaria
Our Story
27kay is a boutique, remote-first security consultancy led by Lyudmil Arkov. Built on 22+ years in IT and a decade in security leadership, we help SaaS companies turn ISO 27001, SOC 2, NIS2, TISAX, C5, and ISO 42001 into practical, business-aligned controls. Our work covers the full compliance lifecycle: scoping, gap assessment, ISMS build, certification support, and ongoing operation. The goal is a security program that scales with your business and produces value year after year.
What Sets Us Apart
Lifecycle-led, not certification-only
We treat ISO 27001 and SOC 2 as ongoing programs, not one-time projects. Engagements span scoping, gap assessment, ISMS build, certification, and continuous operation in one continuous arc.
Practitioner-led delivery
Beyond consulting, we operate ISMS programs inside real-world environments. That hands-on experience shapes every recommendation, every control design, and every audit-readiness call.
Stack-native ISMS
We meet you where you already work. ISMS delivery integrates with your existing stack: Notion, Linear, GitHub, Jira, Confluence, Vanta. The security program lives where work happens, and adoption follows.