Heikki Erola,
Co-founder of Compleye

1- Could you briefly introduce yourself: who are you? What is your job? How long have you been working for Compleye?


"I'm Heikki Erola, I'm a co-founder of Compleye, and I run the commercial / business side of our company. My business partner, Karolin, runs primarily the compliance matters and product side of our business."

2- Could you introduce us to Compleye? 

"We call Compleye a so-called lean compliance company, which means that we offer a combination of SaaS platform and consulting services to help companies to get, for example, ISO 27001 certification ready, or to get their GDPR compliance sorted. A client might start with a monthly subscription for the platform only, but then realise that they would like some help during the process. So we provide these services. An example is ISO 27001 internal audit, that makes sure that a company will be ready for the external audit.


We are able to provide full support to our clients, from getting started on their compliance journey to getting certification ready, and anything they might need in between. For example, ISO 27001 requires an annual audit, so we often help our clients to be ready for that."

3- Who are your clients?

"Compleye used to focus primarily on start-ups. But we can now see our client base moving towards SME and mid-market, even corporate level.
This is kind of a classic startup journey, starting from other startups and then slowly moving towards larger clients.


When it comes to industries, we cater to almost all verticals. Having said that, especially SaaS companies seem to be in big need of our services; naturally, they need to be GDPR compliant, but often also ISO 27001 certified, so that they can close larger deals (f. ex. if you want to do business with a big bank, you will need to be able to convince them that you are compliant with regulations but also certified when it comes to cyber security frameworks)."


4- What is the added value for your offer?

"Primarily, we are up against American or Asian platforms. Their mentality is very different from ours: their foundation is in the American SOC 2 framework, which is more of a tick-box-type one, « Have you done this? Have you done that? And if you've done that, you are fine ».


Philosophically, the approach in Europe is different, I guess because cyber threat is so consistent and so real, it's not just a thing that we scare clients with, it is actually a real issue! That's why, for example, ISO has a philosophy of changing how a company operates, how it functions, so that cybersecurity is built into all the operations and the product and the service itself, and the way the organisation works internally and externally as well. It's a much more comprehensive way of approaching cybersecurity. We have chosen to go more towards the European way of handling cybersecurity, and maybe other platforms are more sticking to the American way."

5- Do you have any case study to share with us?

"Sure, I can give you an example. The last client we just signed up is a fintech company with a financial technology SaaS solution.

They want to sign up larger clients and close bigger deals. They have one very big potential client that they are about to sign up any day now, and to be able to get there, they have to be ISO 27001 certified. They also know that to get there, it would probably take half a year for them, but the deal should be closed now!

So what we're doing with them and what service we also provide to them is that we started working with this client now already, and while we are in this process with them getting certified, we can provide them an official statement from our company, assuring that we are working together with them towards the ISO certification. 

This is normally enough for our clients to convince their prospects that they are serious about it and will get there. Of course, any company could say that « yes, we're working on it », even if they are not. But we actually guarantee that we are working with this particular client so that they will be ISO certified within f. ex. six months (or whatever that time frame will be). 

This is a very good example of a client that is right in our sweet spot in the market, but also it's a good example of what we do for our clients."

6- Are you looking for new strategic and/or commercial partners?

"During the first years Compleye solution was only sold directly to the end clients, but like in many cases in the SaaS (or B-to-B SaaS world), to be able to be successful, you need to build a partner network. In other words, work with companies that will help you to spread the word and sell your solution to their clients and recommend your solution to their ecosystem. 

So we are exactly there at the moment, and we really want to develop these partnerships even further. 

And I believe that there's a huge market for what we do at the moment. The European legislation is changing very rapidly. There's something called NIS2: it's an EU directive that'll be forced into law in each EU country 17th October this year. It will touch appr. 150,000 companies. There will be something called DORA for financial institutions, and various other cybersecurity regulations coming into force.

All these regulations are real, which means that companies that land under these regulations have to be compliant. It's not enough to say that « yeah, we kind of slowly getting there ». The EU will give you a substantial fine that in the worst case could even bankrupt your company if you can't prove that you are compliant. So for us the opportunity to help clients is huge and it's happening right now. It's not happening in ten years, it’s happening right now. 

So I really think that there is a massive opportunity, and I believe that no company can cater to all this market by themselves. As a company, you need help from other companies, you need to work together to make sure the customers get the value that they need. 

We definitely are like any technology company out there: we won't be able to do everything by ourselves.
So we need help from partners, partners with a complementary expertise and with complementary services. Let's take an example: we started to work with law firms. Law firms regularly get questions from their clients regarding GDPR and other regulations, f. ex. « oh, NIS2 is coming out, and I don't know what to do! ». Law firms understand from a legal point of view what to do and what are the requirements, but they don't necessarily know how to implement this into practice, they don't have the practical expertise of IT. That's when they come to us: « Hey, we have a client. We can tell them what they should be doing, but we don't know how to get them all the way there. Can you help? »
This is a good example of partnerships we are aiming for, and of partnerships that we're building at the moment."

The entire CyberSecura team would like to thank Heikki for his testimonial!

