
How Endpoint Security Shaped Bindplane's ISO 27001 Journey


Getting ISO 27001 certified is one thing. Building a compliance program that actually holds up between audits, without consuming your engineering team, is another problem entirely.

In our latest virtual event, Bindplane's Head of Security Tony Ramos joined Iru's Global Director of Solutions Maz Kahale to walk through how Bindplane approached ISO 27001 from the ground up: where they started, which gaps were hardest to close, how they consolidated evidence collection, and what continuous compliance looks like in practice once the initial certification is in hand.

Starting from a Strong Baseline

Bindplane wasn't starting from zero. By the time Tony joined the team, the organization already held a SOC 2 compliant posture and had deep familiarity with the operational discipline that comes with regulatory overhead. That foundation made the transition to ISO 27001 more intentional than reactive. Rather than treating the framework as a checklist to get through, the team approached it with two governing principles: only implement controls you can operationally enforce every single day, and consolidate evidence collection wherever possible.

The reasoning behind both was the same. If enforcing a control creates hours of manual overhead for engineers who should be building, it's not sustainable. And if collecting audit evidence means pulling your team into multi-week fire drills every year, the program isn't actually embedded in how you work.

Where Endpoints Became the Critical Gap

Bindplane is a cloud-native, globally distributed organization with no on-premise data center. That means the endpoints their employees use around the world are their biggest attack surface and their most consequential compliance risk.

When Tony mapped the gaps from their initial ISO readiness assessment against what they already had in place, most of what remained came down to two specific problems: DNS filtering across devices and preventing users from copying data to arbitrary external storage media.

When Bindplane moved MDM providers, they were able to bring their existing profiles and controls into Iru directly, giving them a SOC 2 baseline on day one without having to rebuild from scratch. From there, the team applied the relevant CIS and compliance profiles, evaluated their remaining gaps, and tuned accordingly.

Migrating Without Disrupting the Business

One of the early requirements Tony set for the program was minimal disruption to employees. Rekeying a device's security posture shouldn't knock a CEO off a call. Policy enforcement shouldn't generate a flood of helpdesk tickets.

Once devices were enrolled, the volume of user complaints was low. When issues did surface, most were resolved with a few clicks in the platform. For anything more involved, Iru support was able to drive resolution without extended back-and-forth.

Evidence Collection as an Operational Reality

ISO 27001 audits require significant evidence. And for most security teams, that evidence collection is where compliance programs quietly break down: hours spent in spreadsheets, coordinating with different system owners, pulling screenshots from a half-dozen tools, hoping nothing has drifted since the last time you checked.

With Iru, Bindplane runs endpoint management, EDR, and vulnerability management through a single platform. This enabled Tony to pull all the evidence he needs without leaving Prism. For controls tied to the device state, it's a matter of opening the platform and exporting. No cross-team coordination. No waiting for someone else to grab a screenshot from a system they own.

That matters especially for teams with clear separation of duties. In environments spread across multiple tools, gathering evidence often means coordinating with whoever owns each system, waiting on screenshots, and hoping configurations haven't drifted in the meantime. Because everything at Bindplane runs through a single platform, they can pull information they need without that coordination overhead.

Life After Certification

Getting certified was the first hard part. The second is making sure nothing drifts.

For some organizations, the surveillance audit is the first time they look back at their controls since the initial certification. For Bindplane, the program is continuously active. They're always evaluating what they have in place, testing it against updated benchmarks, and introducing new controls as their product and tooling evolve.

When Iru updates a CIS benchmark, acting on it is straightforward: set up a pilot blueprint, apply the updated profile to a test group, confirm it works, and roll it out. The iteration cycle is short enough that staying current doesn't create a project.

When a new tool or application comes into the environment, it triggers a full risk assessment. What controls need to be added? What DLP rules should be in place? The process is deliberate by design, because the alternative is finding out at audit time that something slipped through.

What Bindplane Would Do Differently

When asked what he'd change about the journey, Tony pointed to one thing: the evaluation process for endpoint protection.

Early on, MDM and endpoint protection were evaluated as separate conversations. The team ran pilots across multiple platforms before landing where they ended up. In hindsight, consolidating around a single platform from the start, one that covers endpoint management, EDR, and vulnerability management together, would have saved significant time. The payoff is visible now: evidence collection lives in one place, not many.

The Platform Behind the Program

Bindplane's ISO 27001 certification didn't happen because they found the right framework or hired the right auditor. It happened because they had a clear view of their endpoints at every stage of the process, and a platform that made acting on that visibility simple.

Iru gave Bindplane a unified place to manage device configuration, enforce security baselines, run EDR, and collect audit evidence, without stitching together a stack of point solutions. When gaps appeared, closing them was a matter of applying a profile, not spinning up a new tool evaluation. When auditors asked for evidence, pulling it didn't require a cross-team effort. And when CIS benchmarks improved, adopting them took minutes, not a project.

That's what continuous compliance actually looks like in practice: not a sprint before an audit, but a posture that's maintained as a byproduct of how your environment already operates.

Want to see how Iru helps teams build and maintain a compliance-ready endpoint posture? Request a demo.

 

 
