How Periskope built ISO 27001 readiness to protect WhatsApp data for 5,000+ businesses worldwide

Sales & CRM
2-10
Employees
This is also a heading
This is a heading

When 5,000+ businesses across 50+ countries trust you with their WhatsApp conversations, security isn't just a feature. It's the foundation.

Periskope is a WhatsApp management platform that lets businesses run multiple numbers, manage group chats, create tickets, and automate workflows at scale. Unlike tools that require the WhatsApp Business API, Periskope works with regular WhatsApp numbers, making it accessible to teams of all sizes.

The data flowing through Periskope is inherently sensitive: customer conversations, sales threads, support tickets, internal group chats. As the platform expanded globally, enterprise customers started asking for formal proof that this data was protected.

Periskope chose ISO 27001 as their certification target and partnered with ComplyJet to make it happen.

Why ISO 27001

For a platform operating across 50+ countries, ISO 27001 was the natural choice. It's the most widely recognized information security standard globally, and it signals to international customers that Periskope takes data protection seriously at an organizational level, not just a technical one.

Enterprise buyers, particularly those in regulated industries or handling sensitive customer communications, increasingly require ISO 27001 as a baseline before signing procurement agreements.

The Challenge

Periskope is a lean, fully remote team. There's no physical office, no dedicated compliance function, and no prior certification history. Building ISO 27001 readiness from scratch meant:

  • Creating a full Information Security Management System (ISMS) from the ground up
  • Drafting and approving dozens of security policies, many specific to ISO 27001
  • Figuring out how physical security controls apply to a fully distributed team
  • Handling employee background verification without a formal BGV process in place
  • Finding and integrating the right tools for penetration testing and device management
  • Doing all of this without slowing down product development for a platform serving thousands of businesses

The Environment

Periskope's infrastructure includes:

  • Google Cloud Platform (GCP) for production infrastructure
  • Miradore for mobile device management
  • A fully remote team with no physical office

The remote-first setup added a layer of complexity. ISO 27001 includes physical security controls that need to be addressed even when there's no office. ComplyJet helped Periskope determine which controls applied to their setup and how to satisfy them appropriately.

Getting Started

Bharat Kumar Ramesh and Swapnika Nag led the compliance effort. Both were hands-on from the start, connecting integrations, generating policies, and asking the kind of detailed questions that move things forward fast.

The team used ComplyJet's AI-powered policy wizard to draft the bulk of their ISO 27001 policies. When they hit three policies that weren't yet supported in the wizard, they flagged it. ComplyJet built support for all three and shipped the update within days.

That kind of feedback loop defined the relationship. Periskope wasn't passively following a checklist. They were actively shaping the process, and ComplyJet responded in kind:

  • Policies drafted, reviewed, and approved across the entire team
  • All employees completed security training and policy acknowledgment
  • Pentest vendor sourced with ComplyJet's guidance
  • Background verification process established using a practical approach that satisfies auditor requirements without overcomplicating things
  • Device management connected through Miradore

What They Built

Over the course of their engagement, Periskope built a complete ISO 27001-ready posture:

  • Full ISMS with policies mapped to ISO 27001 controls
  • Employee onboarding, training, and policy acceptance completed
  • Vendor management and outsourced development policies addressed
  • Physical security controls adapted for a fully remote setup
  • Device management enrolled and monitored
  • Penetration testing planned and scoped
  • Privacy policy and public terms published

The team went from no formal compliance program to audit-ready, with the auditor on standby.

Why This Matters

Periskope's story shows that ISO 27001 doesn't require a large team or a dedicated compliance hire. It requires the right platform, the right support, and founders who treat security as part of the product.

For a platform handling WhatsApp conversations for thousands of businesses globally, ISO 27001 certification isn't just a badge. It's a signal to every current and future customer that their data is managed with the rigor they'd expect from an enterprise-grade tool.

Looking Ahead

Periskope is on the verge of completing their ISO 27001 certification audit. With the ISMS built, policies in place, and the auditor ready to go, the finish line is in sight.

As the platform continues to scale across new markets, ISO 27001 certification will open doors that were previously gated by security requirements. When the next enterprise prospect asks about Periskope's security posture, the answer won't be a conversation. It'll be a certificate.

Trusted by hundreds of startups

Achieve SOC 2 faster and more affordably.
Book a Demo

Get compliant & close more revenue

Book a Demo

Platform

Automated ComplianceStreamlined AuditsTrust Center

Frameworks

SOC 2HIPAAISO 27001

Resources

PricingBlogVideosHelp CenterOur Trust Center

Integrations

AWSAzureGCPGithubAll Integrations

Articles

SOC 2 GuideSOC 2 CostSOC 2 vs ISO 27001SOC 2 Type 1 vs 2SOC 2 ControlsVanta Alternatives

Company

About UsPrivacy PolicyTOS

© 2026 ComplyJet. All rights reserved.

framework hipaa