Skip to content

From Workaround to Certification – ISO 27001 in Three Months

Case Study from 1 July 2026
PCG X ISO

ISO 27001 for European Cloud Infrastructure

For years, Impossible Cloud relied on their colocation partner’s ISO 27001 certificate. Working with PCG, they achieved their own certification in three months and unlocked access to enterprise customers that had previously been out of reach.

For IT Leaders & Security Teams.
A complex setup combining an owned data center, colocation, and SaaS services demands a different approach than a standard organization. PCG engaged with that complexity directly, understood the business model, and contributed technical depth throughout. Every technical decision was developed collaboratively – not handed over as a pre-packaged answer.

For Decision-Makers and Executives.

When customers require ISO 27001 and a colocation partner’s certificate no longer suffices, deals stall. Impossible Cloud addressed this head-on: initial certification achieved in three months, without disrupting core operations and with direct access to enterprise customer segments that had previously been structurally out of reach.

Tags
Security & Compliance
Industries
Software (ISV)
Share it

The Situation

  • Five locations, ~80 employees, internal team already at full capacity
  • Impossible Cloud serves enterprise customers in security-critical industries with complex proprietary infrastructure and high quality standards
  • Customers no longer accepted the colocation partner’s ISO certificate, they required certification for the GmbH itself
  • Complex setup of GmbH, colocation, and cloud services sharing a common infrastructure
  • No auditor contacts, no in-house ISO 27001 framework knowledge, no dedicated information security officer
  • High time pressure: every month without certification meant missed deals and closed tenders
impossible-cloud_work-together

The challenge

For years, Impossible Cloud handled enterprise security inquiries by pointing to their colocation partner’s ISO 27001 certificate. A pragmatic approach until it stopped working. As customers began requiring ISO 27001 explicitly for the GmbH itself, negotiations ended earlier, tenders remained closed, and the burden of explanation grew. The requirements for a certification partner were clear: someone who genuinely understands a complex, modern cloud setup, delivers at pace without blocking product development, and remains reliable partner beyond the certificate itself.

The Solution

Impossible Cloud selected PCG after evaluating several providers. The deciding factor was not price, but capability: the ability to engage with a complex, modern setup rather than applying standard processes across the board. PCG brings IT experts who have conducted audits themselves, understand their clients’ business models, and take full responsibility for outcomes – with a fixed price and a defined deadline. Over 100 clients certified, all on the first attempt. PCG took on the full operational load: technical design, documentation, audit coaching, and direct access to a suitable auditor through their own network. Advisory, tooling, audit coaching, awareness training, and phishing simulation – all from a single source, with a single point of accountability. The internal team retained strategic oversight while weekly sprints ran directly within the existing product planning process. Where technical decisions became complex, they were worked through together – not handed down.

The Collaboration

PCG did not position itself as an external compliance vendor, but as a partner that understood the business model and engaged with technical depth. One internal engineer who was initially skeptical about the project became its most active driver over the course of the engagement – because for the first time, he had a solid foundation to push through technical measures he had always believed were right.

What does it look like now and where do we go from here

With ISO 27001 in place, information security at Impossible Cloud is no longer a project status – it is operational reality. Requirements can be addressed in a structured way, audits can be planned ahead, and deals no longer fall through due to missing certification. The business impact is direct: Impossible Cloud now advances further in significantly more negotiations and can bid on larger tenders where they previously had no seat at the table. Enterprise customers that were structurally out of reach are now active conversations. The collaboration with PCG does not end with the certificate. PCG’s engagement as a long-term partner is the result of a working relationship that built real trust. The shared roadmap includes C5 for cloud services in Germany and SOC 2 for the US market, complemented by ongoing support through penetration testing, a vCISO mandate, and phishing simulations as a managed service. Every future certification builds on the foundation already established – without starting from scratch.

Key Achievements at a Glance

  • 3 months

  • 100 % success rate

  • C5 and SOC 2 in planning

About PCG

Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.

With a product portfolio designed to accompany organizations of all sizes in their cloud journey and competence that is a synonym for highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, relevant and with repeatedly validated competence and credibility.

We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently with cloud implementation, application development, and managed services.

Get more Insights

Oliver Gehrmann in a black T-shirt in front of a light blue and white background.

Your Contact Person:

Oliver Gehrmann
Business Lead Security & Compliance

Contact