# Bastion - Security & Compliance Platform
# Website: https://bastion.tech
# Sitemap: https://bastion.tech/sitemap.xml
# Robots: https://bastion.tech/robots.txt

---

> AI-native security & compliance platform for modern companies. Bastion helps startups and scale-ups achieve SOC 2, ISO 27001, GDPR, and Cyber Essentials compliance faster with automated evidence collection, expert guidance, and integrated security tools.

## Key Facts

- **Founded**: Paris, France
- **Focus**: Security & compliance automation for startups and scale-ups
- **Frameworks supported**: SOC 2, ISO 27001, GDPR, Cyber Essentials, HIPAA, PCI DSS, DORA, NIS 2
- **Customers**: 100+ companies including Pelico, Lemlist, Gleamer, Flex AI, Convelio, WeMaintain
- **Pricing**: €10,000-15,000 all-in for Year 1 (SOC 2 or ISO 27001)

## Compliance Timelines & Costs

| Framework | Timeline | Cost (Year 1) | Renewal |
|-----------|----------|---------------|---------|
| SOC 2 Type 2 | 4.5-6 months | €10,000-15,000 | Annual |
| ISO 27001 | 3-4 months | €10,000-12,000 | 3-year cycle |
| GDPR | Ongoing | Varies | Continuous |
| Cyber Essentials | 1-4 weeks | £300-5,000 | Annual |

*Timelines vary based on company size, complexity, and initial security readiness.*

---

## Product Modules

### Services

- **Virtual CISO (vCISO)**: Fractional security leadership and strategic guidance
- **Penetration Testing**: 20+ hours of manual security testing by certified professionals
- **Internal Audit**: ISO 27001 and SOC 2 internal audit services
- **Audit Support**: Audit coordination, evidence preparation, and timeline management

### Compliance Automation

- **Evidence Collection**: Automated gathering from 50+ integrations (AWS, GCP, Azure, GitHub, Okta, etc.)
- **Policy Management**: 20-35 pre-built policies customized to your organization
- **Access Reviews**: Quarterly user access review workflows
- **Trust Center**: Public-facing security portal for customers
- **Status Page**: Real-time availability monitoring

### Security Tools

- **Endpoint Security (MDM)**: Device management, encryption verification, remote wipe
- **Attack Surface Management**: External vulnerability discovery
- **Static Code Analysis**: Security scanning in CI/CD pipelines
- **Cloud Security Posture (CSPM)**: AWS, GCP, Azure misconfiguration detection
- **SaaS Security**: Shadow IT discovery and SaaS risk management
- **Security Awareness Training**: Phishing simulations and compliance training

---

## Educational Resources

### SOC 2 Guides

- [What is SOC 2?](https://bastion.tech/learn/soc2/what-is-soc2): Complete guide covering costs (€10K-15K), timeline (4.5-6 months), Trust Services Criteria, and who needs it.
- [SOC 2 Type 1 vs Type 2](https://bastion.tech/learn/soc2/type1-vs-type2): Why you should skip Type 1 and go straight to Type 2.
- [SOC 2 Trust Services Criteria](https://bastion.tech/learn/soc2/trust-services-criteria): Deep dive into Security, Availability, Processing Integrity, Confidentiality, and Privacy.
- [How Long Does SOC 2 Take?](https://bastion.tech/learn/soc2/how-long-does-soc2-take): Timeline breakdown and what can/cannot be accelerated.
- [SOC 2 Compliance Checklist](https://bastion.tech/learn/soc2/compliance-checklist): 9-phase implementation guide.

### ISO 27001 Guides

- [What is ISO 27001?](https://bastion.tech/learn/iso27001/what-is-iso-27001): International certification for ISMS, 3-year cycle, €10K-12K cost.
- [ISO 27001 vs SOC 2](https://bastion.tech/learn/iso27001/iso27001-vs-soc2): Which framework to choose for your situation.
- [ISO 27001 Risk Assessment](https://bastion.tech/learn/iso27001/risk-assessment): Complete process guide for risk identification, analysis, and treatment.

### GDPR Guides

- [What is GDPR?](https://bastion.tech/learn/gdpr/what-is-gdpr): EU data protection regulation, €20M or 4% of global revenue maximum penalty.
- [GDPR Principles](https://bastion.tech/learn/gdpr/principles): The 7 data protection principles.
- [Data Subject Rights](https://bastion.tech/learn/gdpr/data-subject-rights): Right of access, erasure, portability, etc.

### Cyber Essentials Guides

- [What is Cyber Essentials?](https://bastion.tech/learn/cyber-essentials/what-is-cyber-essentials): UK government certification, 5 technical controls.

### Comparison Articles

- [SOC 2 vs ISO 27001 vs GDPR](https://bastion.tech/blog/soc-2-vs-iso-27001-vs-gdpr-which-compliance-framework-does-your-business-need): Which framework your business needs.

---

## Glossary

- [Security & Compliance Glossary](https://bastion.tech/glossary): 60+ defined terms including SOC 2, ISO 27001, GDPR, ISMS, Trust Services Criteria, and more.

## FAQs

- [Frequently Asked Questions](https://bastion.tech/faqs): Common questions about SOC 2, ISO 27001, GDPR, pricing, and timelines.

## Customer Success Stories

- [Lemlist SOC 2 Case Study](https://bastion.tech/case-studies/lemlist-soc2): How Lemlist achieved SOC 2 certification.
- [All Case Studies](https://bastion.tech/case-studies): Real customer stories with timelines and outcomes.
- [Wall of Trust](https://bastion.tech/wall-of-trust): Testimonials from Pelico, Convelio, Omi, Modjo, and more.

---

## Industry Solutions

- [Fintech](https://bastion.tech/industries/fintech): SOC 2, PCI DSS, DORA compliance for financial services.
- [Healthtech](https://bastion.tech/industries/healthtech): HIPAA, HDS, ISO 27001 for healthcare companies.
- [AI/ML Companies](https://bastion.tech/industries/ai-machine-learning): Compliance for AI startups and ML platforms.

---

## Pricing

- [Pricing Page](https://bastion.tech/pricing): SOC 2 from €10,000, ISO 27001 from €10,000.
- All-inclusive: Platform + policies + audit fees + penetration testing + expert support.

---

## Contact

- [Get Started](https://bastion.tech/get-started): Book a demo or start your compliance journey.
- [Contact Page](https://bastion.tech/contact): Reach the Bastion team.