From Workaround to Certification – ISO 27001 in Three Months
ISO 27001 for European Cloud Infrastructure
For years, Impossible Cloud relied on their colocation partner’s ISO 27001 certificate. Working with PCG, they achieved their own certification in three months and unlocked access to enterprise customers that had previously been out of reach.
The Company.
Impossible Cloud is an emerging European cloud provider focused on digital sovereignty. The Hamburg-based company offers S3-compatible object storage and bare-metal GPU servers built on European infrastructure, serving enterprises that demand both cloud performance and data sovereignty. With its own data center, colocation, and SaaS services, Impossible Cloud works with enterprise customers in security-critical industries.
For IT Leaders & Security Teams.
A complex setup combining an owned data center, colocation, and SaaS services demands a different approach than a standard organization. PCG engaged with that complexity directly, understood the business model, and contributed technical depth throughout. Every technical decision was developed collaboratively – not handed over as a pre-packaged answer.
For Decision-Makers and Executives.
When customers require ISO 27001 and a colocation partner’s certificate no longer suffices, deals stall. Impossible Cloud addressed this head-on: initial certification achieved in three months, without disrupting core operations and with direct access to enterprise customer segments that had previously been structurally out of reach.
The Situation
- Five locations, ~80 employees, internal team already at full capacity
- Impossible Cloud serves enterprise customers in security-critical industries with complex proprietary infrastructure and high quality standards
- Customers no longer accepted the colocation partner’s ISO certificate, they required certification for the GmbH itself
- Complex setup of GmbH, colocation, and cloud services sharing a common infrastructure
- No auditor contacts, no in-house ISO 27001 framework knowledge, no dedicated information security officer
- High time pressure: every month without certification meant missed deals and closed tenders
It was clear we needed it, and clear that it would cost money. For us, the real question was: how fast can we move? If it costs a bit more, that’s fine.
The challenge
For years, Impossible Cloud handled enterprise security inquiries by pointing to their colocation partner’s ISO 27001 certificate. A pragmatic approach until it stopped working. As customers began requiring ISO 27001 explicitly for the GmbH itself, negotiations ended earlier, tenders remained closed, and the burden of explanation grew. The requirements for a certification partner were clear: someone who genuinely understands a complex, modern cloud setup, delivers at pace without blocking product development, and remains reliable partner beyond the certificate itself.
The Solution
Impossible Cloud selected PCG after evaluating several providers. The deciding factor was not price, but capability: the ability to engage with a complex, modern setup rather than applying standard processes across the board. PCG brings IT experts who have conducted audits themselves, understand their clients’ business models, and take full responsibility for outcomes – with a fixed price and a defined deadline. Over 100 clients certified, all on the first attempt. PCG took on the full operational load: technical design, documentation, audit coaching, and direct access to a suitable auditor through their own network. Advisory, tooling, audit coaching, awareness training, and phishing simulation – all from a single source, with a single point of accountability. The internal team retained strategic oversight while weekly sprints ran directly within the existing product planning process. Where technical decisions became complex, they were worked through together – not handed down.
For us, one thing mattered most: Would the partner adapt to our modern, complex structure, or would we just get standard compliance off the shelf?
The Collaboration
PCG did not position itself as an external compliance vendor, but as a partner that understood the business model and engaged with technical depth. One internal engineer who was initially skeptical about the project became its most active driver over the course of the engagement – because for the first time, he had a solid foundation to push through technical measures he had always believed were right.
I run several certifications a year. It’s rare that we push one through in three months – and rarer still that it goes this well.
What does it look like now and where do we go from here
With ISO 27001 in place, information security at Impossible Cloud is no longer a project status – it is operational reality. Requirements can be addressed in a structured way, audits can be planned ahead, and deals no longer fall through due to missing certification. The business impact is direct: Impossible Cloud now advances further in significantly more negotiations and can bid on larger tenders where they previously had no seat at the table. Enterprise customers that were structurally out of reach are now active conversations. The collaboration with PCG does not end with the certificate. PCG’s engagement as a long-term partner is the result of a working relationship that built real trust. The shared roadmap includes C5 for cloud services in Germany and SOC 2 for the US market, complemented by ongoing support through penetration testing, a vCISO mandate, and phishing simulations as a managed service. Every future certification builds on the foundation already established – without starting from scratch.
Key Achievements at a Glance
-
3 months
-
100 % success rate
-
C5 and SOC 2 in planning
About PCG
Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.
With a product portfolio designed to accompany organizations of all sizes in their cloud journey and competence that is a synonym for highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, relevant and with repeatedly validated competence and credibility.
We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently with cloud implementation, application development, and managed services.