Cybersecurity and regulatory compliance, implemented by people who comply with it themselves.
NIS2, CRA, DORA, ENS and ISO 27001 readiness, offensive security, AI-managed SOC and training. For organisations that need to comply and prove it.
Services
From strategy to day-to-day operations, with compliance as the backbone.
We take you from the initial assessment to the certificate, and keep the system running once the auditor leaves.
NIS2 · DORA · ENS · ISO 27001 · CRA · TISAX
View compliance →
The layer that decides where your security is heading and orders everything else, from the strategic plan to the board committee.
Master Plan · CISOaaS · Risk
View governance →
We test systems, applications and people with the same techniques an attacker would use, and show you where they would get in.
Web · API · Infra · IoT/OT
View offensive →
Your day-to-day security operations without building them yourself: Sondriva keeps watch around the clock and, if something happens, we respond.
Sondriva · MDR · DFIR
View managed →
We turn your people into the first line of defence, with programmes for the whole organisation, from the front desk to the board.
Phishing · NIS2 management
View training →
So an incident does not stop the business: we prepare the response, the recovery and the rehearsal of the worst day before it arrives.
BIA · DRP · Table top
View continuity →
Regulation
Every framework has its deadlines and its penalties. The one thing they all share: getting compliant takes months and the requirements arrive without warning.
Offensive security
Pentesting of web applications, API, infrastructure and IoT/OT, red team exercises and social engineering. The same arsenal a real attacker would use and a report that prioritises by risk, so your team knows what to fix first.
Why Meta-Data
More than twenty certifications back the team: from CISSP, CISA and CISM to lead auditors for ISO 27001 and ISO 42001 and ENS auditors. We have spent more than twenty years implementing, auditing and operating the security of public and private organisations, so we know what the auditor is going to look at: we have sat on their side of the table many times. And yes: we pass our own audits too.
Regulatory depth. From NIS2 and DORA to TISAX and ISO 42001: each framework with its own service, not as an appendix to another.
Both sides of the audit. We implement systems and we audit them: we know the questions before they arrive.
Tailored to you. No templates: every project and every ISMS is designed for your reality, not someone else's.
The same audits we implement, passed in every cycle.
Managed cybersecurity
Managed detection and response is no longer just for large corporations. Sondriva combines AI-assisted detection with analysts who only escalate what matters: continuous monitoring and enterprise-grade technology, at a price built for SMEs.
It is also the most direct way to cover the detection and response measures that NIS2 and the ENS require.
Company
We were born in Tudela and have spent more than twenty years on technology projects. We work with companies and public bodies in Navarra and across Spain, remotely and on site, and with international companies operating in Europe. A close-knit team with no middlemen: the person who writes your proposal is the one who runs the project.
Knowledge
Written by the consultants who run the projects, with a visible update date.
Method
The same path across every service, from a one-off pentest to a full ISMS.
We listen to your situation: what applies to you, what worries you and what you have already built.
A clear proposal, with scope, priorities and budget. No fine print.
We work alongside you, tell you what we are finding and close with results you can defend.
Shall we talk?
Tell us your situation and we will tell you where to start. A consultant replies, not a salesperson, and the first assessment costs nothing.
Get in touch