🎉 Scytale named 2026 G2 Best Software Award winner in GRC.

Scytale

Log in

Get a demo
Backround
21 Analytics

How 21 Analytics Maintains ISO 27001 Compliance to Unlock New Opportunities

21 Analytics, a Swiss RegTech serving crypto exchanges, brokers, OTC desks, and banks, ships on-premises Travel Rule software to one of the most heavily regulated corners of finance. With Scytale, the team renewed its ISO 27001 certification – the gold standard for Information Security Management Systems (ISMS) and now walks into every customer RFP with documented proof of bank-grade security on hand.

quote icon
21 Analytics

Lucas Betschart

COO
at 21 Analytics

“With Scytale, documenting and continuously maintaining the processes and policies behind our ISO 27001 compliance has been incredibly simple – purpose-fit for our on-premises software solution.” 

Challenges

Before Scytale, 21 Analytics handled compliance reactively, pulling documentation together only when a prospect’s RFP demanded it. Selling into traditional finance meant the bar was high: banks expected fully documented proof for every aspect of the security program.

“Collecting all this data from different sources was way more difficult than just using Scytale as we are now,” Lucas explains.

  • Each new RFP triggered a fresh round of document hunting across the team
  • Evidence often went stale between requests, forcing a rebuild from scratch every cycle 
  • The team was already meeting ~90% of ISO 27001 requirements operationally, but lacked the compliance documentation to prove it
  • Documents lived scattered across Google Drive with no central source of truth

The result: a scaling sales motion bottlenecked by manual work – costing the product team time they couldn’t afford to lose.

Solution

After evaluating multiple AI GRC platforms in a tight year-end window, 21 Analytics chose Scytale for one reason: it pairs an automation platform with on-demand ISO 27001 expertise – so a two-person team could carry the project without pulling the rest of the company off product work.

“You don’t just get the platform – you get the consultant that helps you with using the platform and the expertise on ISO 27001 itself,” Lucas notes. “The consultant has done it over 100 times. For us, doing it once or twice, that’s a completely different level of guidance.”

Scytale centralized 21 Analytics’s ISO 27001 program, surfaced policies they hadn’t yet documented, and automated evidence collection across their integrations. Within weeks of going live, the team had everything they needed sitting in one structured place – and a Trust Center to share it from.

“We had a very big traditional bank RFP that’s still ongoing. We delivered most of the data – and while it was very helpful that we showed we have the ISO 27001 certificate, they wanted all the evidence, all the documents. The timing was perfect: we’d already collected everything in Scytale, so we could just say, ‘look, here is everything.”

Highlights

  • ISO 27001 renewal led in-house by 21 Analytics’s compliance team, keeping product and engineering on roadmap 
  • All policies, evidence, and documentation centralized in one platform, always RFP-ready
  • Trust Center surfaces compliance proof directly to customers without manual document hunts
  • On-demand ISO 27001 consultancy that brings 100+ engagements’ worth of expertise
  • Constantly expanding integration library – reducing manual evidence collection year over year
  • ESG, security, and other adjacent policies refreshed during the renewal, strengthening the organization’s broader GRC posture

Key Results & Successes

The biggest shift isn’t a single number – it’s how ISO 27001 compliance now plugs into 21 Analytics’s sales process:

  • Compliance evidence delivery for major RFPs, including a live traditional bank engagement, now takes days, not weeks
  • ISO 27001 certificate plus a full evidence library = bank-grade trust signal for the customers that demand both
  • 21 Analytics’s compliance leadership drove the renewal end-to-end, enabling the wider team to focus on the product 
  • Foundation now ready for the next layer of already aligned frameworks, without rebuilding from scratch 

The result is a continuous ISO 27001 compliance program that doubles as a sales asset, and a compliance practice that scales with 21 Analytics’s growth into finance markets without scaling the overhead.