Getting ISO 27001 certified is one thing. Building a compliance program that actually holds up between audits, without consuming your engineering team, is another problem entirely.
In our latest virtual event, Bindplane's Head of Security Tony Ramos joined Iru's Global Director of Solutions Maz Kahale to walk through how Bindplane approached ISO 27001 from the ground up: where they started, which gaps were hardest to close, how they consolidated evidence collection, and what continuous compliance looks like in practice once the initial certification is in hand.
Starting from a Strong Baseline
Bindplane wasn't starting from zero. By the time Tony joined the team, the organization already held a SOC 2 compliant posture and had deep familiarity with the operational discipline that comes with regulatory overhead. That foundation made the transition to ISO 27001 more intentional than reactive. Rather than treating the framework as a checklist to get through, the team approached it with two governing principles: only implement controls you can operationally enforce every single day, and consolidate evidence collection wherever possible.
The reasoning behind both was the same. If enforcing a control creates hours of manual overhead for engineers who should be building, it's not sustainable. And if collecting audit evidence means pulling your team into multi-week fire drills every year, the program isn't actually embedded in how you work.
Where Endpoints Became the Critical Gap
Bindplane is a cloud-native, globally distributed organization with no on-premise data center. That means the endpoints used by employees around the world are both their biggest attack surface and their most consequential compliance risk.
When Tony mapped the gaps from their initial ISO readiness assessment against what they already had in place, most of what remained came down to two specific problems: DNS filtering across devices and preventing users from copying data to arbitrary external storage media.
When Bindplane moved MDM providers, they were able to bring their existing profiles and controls into Iru directly, giving them a SOC 2 baseline on day one without having to rebuild from scratch. From there, the team applied the relevant CIS and compliance profiles, evaluated their remaining gaps, and tuned accordingly.
Migrating Without Disrupting the Business
One of the early requirements Tony set for the program was minimal disruption to employees. Rekeying a device's security posture shouldn't knock a CEO off a call. Policy enforcement shouldn't generate a flood of helpdesk tickets.
Once devices were enrolled, the volume of user complaints was low. When issues did surface, most were resolved with a few clicks in the platform. For anything more involved, Iru support was able to drive resolution without extended back-and-forth.
Evidence Collection as an Operational Reality
ISO 27001 audits require significant evidence. And for most security teams, evidence collection is where compliance programs quietly break down: hours spent in spreadsheets, coordinating with different system owners, pulling screenshots from a half-dozen tools, and hoping nothing has drifted since the last time you checked.
With Iru, Bindplane runs endpoint management, EDR, and vulnerability management through a single platform. This enabled Tony to pull all the evidence he needs without leaving Prism. For controls tied to device state, it's a matter of opening the platform and exporting. No cross-team coordination. No waiting for someone else to grab a screenshot from a system they own.
That matters especially for teams with clear separation of duties. In environments spread across multiple tools, gathering evidence means coordinating with whoever owns each system, waiting on screenshots, and hoping configurations haven't drifted in the meantime. Because everything at Bindplane runs through a single platform, they can pull the information they need without that coordination overhead.
Life After Certification
Getting certified was the first hard part. The second is making sure nothing drifts.
For some organizations, the surveillance audit is the first time they look back at their controls since the initial certification. For Bindplane, the program is continuously active. They're always evaluating what they have in place, testing it against updated benchmarks, and introducing new controls as their product and tooling evolve.
When Iru updates a CIS benchmark, acting on it is straightforward: set up a pilot blueprint, apply the updated profile to a test group, confirm it works, and roll it out. The iteration cycle is short enough that staying current doesn't create a project.
When a new tool or application comes into the environment, it triggers a full risk assessment. What controls need to be added? What DLP rules should be in place? The process is deliberate by design, because the alternative is finding out at audit time that something slipped through.
What Bindplane Would Do Differently
When asked what he'd change about the journey, Tony pointed to one thing: the evaluation process for endpoint protection.
Early on, MDM and endpoint protection were evaluated as separate conversations. The team ran pilots across multiple platforms before landing where they ended up. In hindsight, consolidating around a single platform from the start, one that covers endpoint management, EDR, and vulnerability management together, would have saved significant time. The payoff is visible now: evidence collection lives in one place, not many.
The Platform Behind the Program
Bindplane's ISO 27001 certification didn't happen because they found the right framework or hired the right auditor. It happened because they had a clear view of their endpoints at every stage of the process, and a platform that made acting on that visibility simple.
Iru gave Bindplane a unified place to manage device configuration, enforce security baselines, run EDR, and collect audit evidence, without stitching together a stack of point solutions. When gaps appeared, closing them was a matter of applying a profile, not spinning up a new tool evaluation. When auditors asked for evidence, pulling it didn't require a cross-team effort. And when CIS benchmarks improved, adopting them took minutes, not a project.
That's what continuous compliance actually looks like in practice: not a sprint before an audit, but a posture that's maintained as a byproduct of how your environment already operates.
Want to see how Iru helps teams build and maintain a compliance-ready endpoint posture? Request a demo.