Dublin · ISO 27001 · DORA · PCI DSS

The audit is not the problem.
Gaps in the evidence are.

Bergson helps regulated fintechs, EMIs and SaaS companies prepare for ISO 27001, DORA and PCI DSS — and keep the controls alive after the auditor leaves.

< 24h
First response
100%
Senior bench
EU · UK · Global
Active jurisdictions
ISO · DORA · PCI
Core frameworks

Payment Institutions  ·  EMIs  ·  Regulated Fintechs  ·  B2B SaaS  ·  Cloud-native Platforms

Engagement Model

From audit pressure to a defensible position.

  1. Assess

    Read the architecture, controls and obligations. Find the real gaps.

  2. Prioritise

    Sequence work against deadlines, risk and what the team can absorb.

  3. Implement

    Build the controls, configuration changes and routines, with your engineers.

  4. Evidence

    Produce artefacts that hold up to an auditor, a customer or the board.

  5. Operate

    Hand over a rhythm the team can run after we step back.

Audit Readiness Check

Three questions. One honest answer.

A 60-second self-assessment that mirrors how we open every Bergson engagement. Nothing is stored — it runs entirely in your browser.

Question 1 of 3

Can you produce control evidence — logs, configs, tickets — for any control within one working day?

What you receive

Concrete artefacts, not slideware.

  • Gap assessment

    Where the current operating model falls short.

  • Risk and control map

    How risks, controls, owners and systems connect.

  • Evidence workbook

    What auditors, customers or boards can actually review.

  • Board-ready summary

    Plain-English reporting without losing technical substance.

  • Remediation roadmap

    What to fix first, and why.

  • Operating cadence

    How the team keeps the controls alive after the project.

Have a deadline pressing on you?
Tell us the gap.

We will tell you honestly whether Bergson is the right fit, and how we would scope the work.

Bergson Limited is registered in Ireland. We are not auditors, QSAs, or legal advisers. We help technology teams produce the evidence those stakeholders need.