m2hycon_logo

ISO 27001 certification with zero findings: How m2hycon built a scalable ISMS with DataGuard

"It was clear from the start: you can’t build an ISMS on your own— not the first time around. We needed someone to guide us. With DataGuard, we had the perfect partner.”

Foto_NG

Natalia Grinberg

Senior Data Science Solution Designer

m2hycon

m2hycon is a strategic partner for businesses that rely on data and want to turn AI into real value. Whether it’s artificial intelligence, data science, machine learning, or optimization, the team at m2hycon combines mathematical expertise with hands-on technology consulting. From ideation and strategic planning to implementation, m2hycon supports customers every step of the way with tailored, long-term solutions.

Location

Germany

Company size

Small & medium business

Industry

Tech

Product

Security

Achieve ISO 27001 certification quickly and reliably

At m2hycon, customer data is at the core of every project. That’s why information security isn’t just a nice-to-have, it’s essential. As Senior Data Science Solution Designer Natalia Grinberg puts it: “If we can’t handle data properly, we simply won’t get hired.”

A strong commitment to data protection and compliance has always been part of m2hycon’s DNA, but growing business demands meant it was time to formalize that into a certified ISMS.

The goal: achieve ISO 27001 certification quickly and reliably. With DataGuard, they reached that milestone in under a year with zero audit findings.

Challenge

Working with sensitive data means trust is everything. m2hycon knew early on that on top of internal best practices, they needed proof, making ISO 27001 certification a strategic must-have.

A major customer made certification a requirement. Tenders increasingly excluded vendors without ISO 27001. Internally, it was clear that certified suppliers had an edge with smoother processes, fewer hurdles, and higher trust. That’s exactly the standard m2hycon wanted to set.

They needed a solution that provided structure without adding unnecessary complexity one that could be adapted to their business and help them stay on track alongside daily operations.

Their key challenges: 

  1. External pressure: Customers made ISO a requirement.
  2. Tender exclusion: More and more tenders required ISO 27001 as a baseline.
  3. No ISMS in place: Roles, documentation, and processes had to be built from scratch.
  4. Limited capacity: A small IT consultancy couldn’t spare full-time InfoSec resources.
  5. High demands in AI projects: Without proven security, AI solutions risk being seen as black boxes a no-go for many clients.

Solution

m2hycon chose DataGuard for its powerful combination of platform and expert support. What stood out most was a structured, step-by-step approach that was flexible enough to fit their team size and needs. It gave them all the tools to build a lean, audit-ready ISMS without being overwhelmed.

What made the difference:

  • User-friendly Risk App: Helped categorize and track risks clearly, which according to Natalia was ”a real benefit in the audit.”
  • Pre-built documentation: Provided structure without being rigid—content could be customized and aligned with the team quickly.
  • Flexible templates: When standard formats didn’t fit, DataGuard helped adapt them, keeping things lean yet audit-proof.
  • Built-in Academy: Covered 80% of their training needs out of the box, with tracking and proof of completion.
  • Expert-led collaboration: The dedicated DataGuard consultant worked closely with m2hycon to build a realistic ISMS that fit their business.
  • Time savings: Everything was integrated into the daily workflow — no extra headcount needed.

Results 

m2hycon successfully built a complete, audit-ready ISMS: structured, scalable, and fully aligned with their day-to-day operations. Just nine months after starting, they passed their ISO 27001 audit on the first try, with no findings, all while using only 20–25% of the team members’ time.

Key achievements: 

  • Certified in 9 months: No findings, no delays
  • Lean implementation: Built the ISMS using just 20–25% of two FTEs' time
  • Business impact: Gained access to new tenders and clients who prioritize security
  • Efficient operations: Fewer questions, clear documentation, smoother project delivery
  • Audit-ready structure: Risks, controls, and responsibilities are now fully traceable
  • Tailored, scalable system: Templates adapted to reality, not the other way around
  • Long-term value: A foundation that grows with the company and evolving regulations

What’s next? 

From certification to continuous improvement

DataGuard continues to support m2hycon post-certification: from maintaining their risk register to preparing for follow-up audits for continuous ISO compliance and delivering regular training.

 

For Grinberg, one thing is clear: “With DataGuard’s platform, I had everything I needed right at my fingertips. That gave me the confidence to lead it successfully. The platform is comprehensive, yes, but it really shines when you’re ready to take ownership. We were in the driver’s seat and DataGuard was our navigator."

Her advice to other companies? "Expertise alone isn’t enough anymore. Information security is a must. You don’t need to be a large enterprise to get it right. You just need the right partner.” 

🏢 Organization Schema Preview (Development Only)
{
  "@context": "https://schema.org",
  "@graph": [
    {
      "@type": "Organization",
      "@id": "www.dataguard.com#organization",
      "name": "DataGuard",
      "legalName": "DataCo GmbH",
      "description": "DataGuard, the European leader in security and compliance software, is trusted by more than 4,000 organizations across 50+ countries. We help you identify and manage your security and compliance risks and fast-track your certifications and compliance by combining expert consultancy with AI-powered automation. Our purpose-built, all-in-one platform is developed with the experience of over 1.5 million total hours by a team of certified security and compliance experts.",
      "foundingDate": "2018",
      "taxID": "DE315880213",
      "logo": "https://7759810.fs1.hubspotusercontent-na1.net/hubfs/7759810/DataGuardLogo.svg",
      "url": "www.dataguard.com",
      "email": "info@dataguard.de",
      "telephone": "+49 89 452459 900",
      "address": {
        "@type": "PostalAddress",
        "streetAddress": "Sandstrasse 33",
        "addressLocality": "Munich",
        "addressRegion": "Bavaria",
        "postalCode": "80335",
        "addressCountry": "Germany"
      },
      "sameAs": [
        "https://www.linkedin.com/company/dataguard1/",
        "https://www.youtube.com/channel/UCEQzPZ6sCBCj9cAoBvaLL6w",
        "https://x.com/i/flow/login?redirect_after_login=%2FDataGuard_dg"
      ]
    }
  ]
}

✅ Organization schema markup for "DataGuard" has been injected into the document head.