Case Study: Security Transformation Journey – ISO 27001, vCISO, and SOC 2 Type 2 for an Intelligent Automation Firm

Overview

Kalp Systems is supporting a leading intelligent automation company that offers a unified platform combining RPA, AI, BPM, and low-code process automation. Serving clients across finance, healthcare, insurance, and logistics, the company sought to establish strong information security foundations and scale up to globally recognized compliance standards.

Client: Intelligent Automation Company (Name Withheld for Confidentiality)
Industry: Information Technology & Services
Employees: 270
Revenue: $1.8 Million
Locations in Scope: Ahmedabad & Mumbai, India
Engagement Duration: 2022 – Ongoing

Challenges

  • Developing a formal security governance model with no pre-existing ISMS or compliance controls
  • Meeting customer and investor expectations around security certifications and third-party assurance
  • Managing cross-border compliance across two operational jurisdictions (Ahmedabad & Mumbai)
  • Sustaining long-term control performance to meet SOC 2 Type 2 audit requirements
  • Supporting high growth while maintaining security oversight without full-time internal security leadership

Our Solution

Kalp Systems delivered a staged, scalable compliance and governance framework tailored to the client’s industry and growth model:

  • ISO 27001 (2022):
    Conducted a comprehensive risk assessment, control implementation, and documentation. Supported the client during both Stage 1 and Stage 2 audits, achieving certification with no major non-conformities.
  • vCISO Engagement (2023 – Ongoing):
    Appointed a virtual Chief Information Security Officer (vCISO) to oversee risk management, compliance tracking, vendor due diligence, incident handling, and board-level reporting. Continues to provide strategic guidance, security roadmap execution, and internal policy management.
  • SOC 2 Type 2 (2025):
    Led readiness efforts, control mapping, evidence collection, and internal control testing in line with the AICPA Trust Services Criteria. Successfully supported the organization through its SOC 2 Type 2 audit with consistent control performance documented over the reporting period.

Results

  • ISO 27001 and SOC 2 Type 2 certifications achieved with no major non-conformities
  • vCISO engagement delivering sustained executive-level security governance
  • Improved incident response time by 30% across both geographies
  • Enhanced stakeholder confidence in the organization’s security posture, enabling faster procurement cycles with enterprise clients