Bulletproof Auditor Profile
Bulletproof is a UK cybersecurity and compliance firm based in London, combining technical security testing with compliance audit services. Founded in 2010, they serve companies across Europe needing ISO 27001, SOC 2, PCI DSS, and GDPR compliance.
Their CREST accreditation for penetration testing (CREST accredits the company; individual testers hold CREST certifications) distinguishes them from pure compliance firms, allowing them to identify real security issues alongside procedural gaps during audits.
What Bulletproof Does Well
- Technical depth — CREST-accredited penetration testing run alongside compliance audits means they catch exploitable vulnerabilities, not just paperwork gaps.
- PCI DSS expertise — Qualified Security Assessor (QSA) with strong track record in payment security for retail and e-commerce.
- GDPR practical guidance — Goes beyond checkbox compliance to help companies implement genuinely effective data protection programs.
Engagement Process
- Scoping workshop — Define requirements and approach.
- Gap analysis — Assess current state against target framework.
- Remediation support — Prioritized action plan.
- Formal assessment — Audit or penetration test execution.
- Reporting — Detailed findings and certification support.
Pricing Expectations
ISO 27001 certification from £10,000. SOC 2 Type II from £18,000. PCI DSS QSA assessments from £15,000. Penetration testing engagements from £5,000. These are starting prices; the final cost depends on scope, such as the number of systems, sites, and people covered and how mature the existing controls and evidence are.
Who Should Choose Bulletproof
UK and European companies wanting both technical security testing and compliance certification from one provider, particularly in retail, e-commerce, and fintech.