Secfix raises €3.5m Seed, to help SMEs get “cyber certified”

Germany-based Secfix helps SMEs get certified in the security standards that they need to meet, in particular ISO 27001, but also TISAX, GDPR & SOC 2.

  • What is ISO 27001? The most popular IT ‘seal of approval’ in Europe (& beyond). Whilst mostly voluntary, it is mandatory in some industries & countries, e.g. in Germany, critical industries (KRITIS) must (according to §8a BSIG) implement ISO 27001 (or IT-Grundschutz by BSI)
  • ISO 27001 vs. SOC 2? ISO 27001 focuses on establishing & maintaining an effective IT security management system, while SOC 2 merely evaluates the effectiveness of controls related to specific problem areas (e.g. security, availability, processing integrity, confidentiality & privacy)
  • TISAX? Developed by the ENX Association, it is (quasi) mandatory for automotive suppliers & manufacturers worldwide
  • ISO 27001 vs. GDPR? Adhering to ISO 27001 automatically makes you GDPR compliant. However, you can be GDPR compliant without implementing ISO 27001

So, how does Secfix work? Step 1, you connect your apps & infrastructure to the platform with 50+ integrations for cloud services (AWS, GCP, Azure, Heroku), identity providers & SSO (Office 365, Google Workspace, Okta), ticketing (Linear, Azure DevOps, Asana, GitLab Issues, GitHub Issues, Trello, Shortcut, ClickUp, Jira Service Management, Jira Software), HR, coming soon (CharlieHR, BambooHR, Personio) & version control (GitLab, GitHub). Step 2, the platform offers a library of customizable & auditor-approved security policies (depending on which standard you chose) which you can publish to your employees. Step 3, complete tasks on your checklist. Then, the platform will perform hourly security checks to make sure standards are adhered to. Step 4, conduct an audit with a certifier. Fun fact, Secfix also runs Requestee, a pentest marketplace, to make sure you’re ready for the big day!

Secfix claims its platform saves companies 40% of time, or “hundreds of hours” (& money); certifiers also claim to save 30% of time, being “now able to issue certificates in weeks vs. months”. Fact is, as companies grow their tech stack, add SaaS integrations & change suppliers, their data practices evolve, making it a never-ending journey to maintain certification. As such, the global market for certification support is estimated at $16b.

The US alone has <30 cybersecurity regulations, with a growing list of startups: Vanta (€186m), Laika (€90m), Hyperproof (<€20m), StrikeGraph (€11m), Sprinto (<€10m), Jemurai (€n.a.) & ControlMap (acquired by ScalePad). (Fun fact: GGV Capital even powers Security4Startups, an open source guide to help you keep up). Competitors (which excludes consultancies) in Europe include e.g. Compleye (NL) (€0.7m) & Optimiso Group (CH) (€n.a.).

Secfix was founded in 2019 by Fabiola Munguia (CEO), Grigory Emelianov (CTO) & Branko Dzakula (CISO). The team will use the new funding to expand certifications (e.g. HIPAA & Cyber Essentials, to name a few), increase the number of integrations (see HR above), as well as boost sales & marketing in Europe & expand customer support.

Source: siliconcanals.com, businessinsider.de, munich-startup.de, tech.eu