ISO 27001 · GDPR

QuickIntel: ISO 27001 and GDPR pentest for an MSSP

How a managed security provider aligned technical testing to ISO 27001 Annex A and GDPR Article 32 expectations.

We are an MSSP, so our certifying body expected Annex A.12 technical testing with real exploitation evidence, not a Nessus export. DeepScan delivered ISO-mapped findings our auditors could trace directly to our Statement of Applicability.
Dave Millier · CTO · QuickIntel
  • A.12 control mapping
  • 8d to cert-body package
  • 0 major pentest nonconformities
  • GDPR Article 32 context

Challenge

What needed to be proven

QuickIntel needed technical testing evidence that could map cleanly to ISO 27001 controls and GDPR security expectations.

Their previous evidence workflows required manual translation from scanner output into audit language.

Approach

How DeepScan tested it

DeepScan tested the customer portal, XDR integration APIs, ticketing workflows, and administrative controls in the certification scope.

Findings were written with exploitation evidence, risk context, remediation, and control traceability from the start.

Results

What changed

QuickIntel uploaded the evidence into its compliance workflow without rebuilding the report format.

The report supported the Statement of Applicability and reduced audit back-and-forth around technical testing.

Services used

  • API Pentest
  • SOC2 ISO HIPAA Pentest
  • Continuous Validation

DeepScan delivers agentic pentesting with CyberImmune and CREST Certified partner delivery where required.