The Company

We started Sectropy because we care about how organisations actually work.

After years of building software, running teams, and managing businesses, we kept seeing the same thing: security and compliance were treated as something external, heavy, or abstract, even though they affect everyday work, real people, and real outcomes.

Who we are

We started as an independent, partner-led collective founded by three partners with more than 25 years of experience each, with compatible expertise.

Our partner-led core, supported by a trusted network of specialists, enables us to take responsibility for entire security and compliance functions, not just single roles.

Learn more about the partners

Our core belief

Every organisation is a living creation. Functional, imperfect, and constantly adjusting to new realities. We don’t try to replace what exists with something idealised.

We help clarify what became complicated, and refine what already works. Like Kintsugi, we treat the cracks as part of the story, not something to hide but something to shape.

Learn about our values

How we work

Clients work directly with the partners, no layers of intermediaries. To deliver the breadth of our work, we rely on a trusted network of experts and partners.

This approach allows us to assemble the right capability for each engagement while keeping the core of the firm highly focused, experienced, and hands-on.

SixC | The values we stand for

C1


Curiosity

We ask questions before we offer answers. Understanding how something really works is the starting point for improving it.

C2


Common sense

We rely on experience, judgement, and clarity. Simple, practical solutions often take more effort — and they are usually the ones that last.

C3


Care

We treat people as people, not resources. Our work affects real teams, real decisions, and real outcomes, and we take that seriously.

C4


Collaboration

We believe the best results come from shared ownership. We work closely with our clients, building solutions together.

C5


Consistency

We value direction and momentum over quick wins. Lasting security and resilience are not built through shortcuts.

C6


Commitment

We take responsibility beyond advice. When we engage, we stay accountable for outcomes and carry the work through.

Our expertise

Our expertise is grounded in a clear understanding of organisational reality and built through hands-on experience with management systems, standards, and regulatory frameworks. We work across integrated management systems, ISO standards, EU regulations, and assurance frameworks.

We support the implementation, improvement, and operation of ISO management systems by translating standard requirements into processes that fit how organisations actually work. Our focus is not certification for its own sake, but building systems that remain usable, auditable, and relevant over time.

We work with organisations subject to EU regulations such as DORA, NIS2, GDPR, and related digital and security frameworks. Our approach focuses on proportional compliance, practical interpretation, and operational alignment, helping organisations meet regulatory expectations without losing control of their day-to-day operations.

We support organisations preparing for SOC 2 Type II by helping them design controls, build evidence, and sustain them throughout the audit period. Our work focuses on readiness, operational discipline, and audit support, so assurance reflects how the organisation actually operates, not just how it documents intent.

We help organisations design and operate integrated management systems that align security, quality, continuity, service management, privacy, and risk into a coherent whole. Instead of parallel frameworks and duplicated effort, we focus on shared structures, common processes, and clear ownership that hold under real operational conditions.

We support security projects and initiatives that don’t fit neatly into predefined frameworks or certifications. This includes targeted assessments, security improvements, incident-driven work, and one-off initiatives where the scope is specific and time-bound. Our focus is on clarity, execution, and outcomes, bringing structure where it’s needed without forcing unnecessary formality.

  • Badge for ISO/IEC 42001 AI (Artificial Intelligence) Management Systems. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for ISO/IEC 27701 Privacy information Management Systems. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for ISO/IEC 20000-1 Service Management Systems. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for ISO/IEC 27001 Information Security Management Systems. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for ISO 22301 Business Continuity Management Systems. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for EU NIS2 (Network and Information Systems Directive 2). The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for EU GDPR (General Data Protection Regulation). The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for EU DORA (Digital Operational Resilience Act). The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for EU AI (Artificial Intelligence) Act. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.
  • Badge for AICPA (American Institute of Certified Public Accountants) SOC 2 Type 2 system and organisation controls. The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, desig
  • Badge for EU CRA (Cyber Resilience Act). The badge is circular, official-style seal, with a segmented outer ring, central emblem area, and a subtle patterned background, designed in a clean, formal style.