CASE STUDY

Crossmapping compliance frameworks cut Popcorn’s workload by 90%

Client

Certificates: ISO 27001, NIST, GDPR

Popcorn is a fast-growing global telecom company delivering borderless phone plans that just work—wherever users are. With operations spanning multiple continents and a global customer base, Popcorn must meet a wide range of regulatory and security requirements, including ISO 27001, NIST, and GDPR.

The challenge

Like many scale-ups, Popcorn faced the classic startup challenge: how to move fast while remaining compliant without a dedicated internal compliance team. Compliance quickly became a business-critical concern.

Operating in the U.S. meant adhering to strict FCC guidelines, alongside broader international standards. The team explored various compliance solutions, including Vanta, but ultimately needed more than a tool—they needed guidance.

The solution

Popcorn chose CyberUpgrade for one core reason: full-service support through the CISO-as-a-Service model. This model was key for a team focused on delivering product and growth, not compliance management.

CyberUpgrade supported Popcorn across three major compliance tracks: ISO 27001, NIST, and GDPR.

ISO 27001: Our CISOs worked closely with the Popcorn team to gather documentation, guide policies, and coordinate submission.

GDPR: With the groundwork from ISO in place, the GDPR process moved swiftly. CyberUpgrade provided tailored guidance based on Popcorn’s business model and handled most of the documentation.

NIST: This is where crossmapping shone. Because the ISO controls overlapped significantly with NIST, our team mapped the ISO requirements directly onto NIST, reducing time and effort. Popcorn self-certified with ease, saving both time and stress.

“What stood out was the human factor. We didn’t just get a platform. We got a dedicated CISO who walked us through every step, aligned to our pace and goals.”

Lukas Kairys, Founder & CTO, Popcorn

The result

By combining hands-on support with strategic crossmapping, CyberUpgrade helped Popcorn move through complex compliance frameworks with speed and confidence. What normally takes months of internal effort was completed in weeks—without hiring, delays, or disruption.

ISO 27001 certification in ~3 months

NIST compliance with 90% time reduction through ISO mapping

Minimal internal effort required—thanks to CISO-as-a-Service

GDPR preparation streamlined using existing ISO documentation