| Industry | Telecom |
| Company size | 11–50 employees |
| Product | Mobile, home internet and TV services for consumers |
| Customers | 50,000 subscribers across the EU |
| SEDIVIO products used | Cyrima · TestSec |
| Challenge | No structured compliance programme, point-in-time security testing leaving gaps |
| Result | NIS2-ready, ISO 27001 controls tracked in Jira, continuous penetration testing running 24/7 |
24/7 continuous penetration testing with no agents and no disruption to live services
95% of NIS2 and ISO 27001 controls tracked with a named owner in Jira
The Challenge
Growing fast, with security and compliance that had not kept pace.
As the customer base grew and NIS2 came into force, the pressure to demonstrate formal compliance increased.
The team had no structured compliance programme and no continuous way to monitor its security posture. Regulatory requirements lived in documents, not in the workflow. Security tests produced reports that quickly went stale as the platform evolved. They needed both problems solved — and a way to do it without building a dedicated compliance and security function from scratch.
Before SEDIVIO
- Compliance requirements tracked in documents, not in the workflow
- No named owner per NIS2 or ISO 27001 control
- Annual security tests leaving months-long gaps in coverage
- New services and APIs going untested between assessment cycles
- Audit preparation triggered a reactive scramble
After SEDIVIO's help
- All compliance controls managed as Jira tasks alongside product work
- Every control has a named owner, a deadline and documented evidence
- Continuous penetration testing covering the full attack surface 24/7
- New services automatically added to the testing scope
- Security findings surfaced early
The Solution
Two products. One integrated programme covering compliance and security.
SEDIVIO implemented Cyrima and TestSec together — addressing both the compliance gap and the security testing gap in a single engagement. The two products complemented each other: Cyrima ensured regulatory obligations were tracked and evidenced continuously, while TestSec ensured the infrastructure those obligations referred to was actually being tested.
Cyrima: compliance mapped to the workflow
Cyrima analysed project types and mapped NIS2 and ISO 27001 requirements to Jira tasks automatically. Each control was assigned to a team member with a deadline and tracked alongside regular development work. Evidence was captured inside the ticket as tasks were completed.
TestSec: full attack surface mapped and tested continuously
TestSec mapped the entire external attack surface: all domains, subdomains, customer portals and APIs. Continuous automated testing ran 24/7 without agents or disruption to live services. New infrastructure added during the engagement was detected and added to scope automatically.
Manual verification
Every vulnerability identified by TestSec was manually verified before being reported. The team received only real, confirmed findings — with clear remediation guidance and access to a dedicated security advisor for questions and retests.
Live visibility across both programmes
Compliance posture and security findings were visible in real time. The team could see open controls, completed evidence and active vulnerabilities at any point — not just during audit preparation or after an annual test cycle.