The Challenge: Ahrefs needed to achieve compliance while keep their team velocity and their ways of working.
The Solution: Probo’s expert-led services - built on top of Probo’s open-source compliance platform - enabled Ahrefs to achieve ISO 27001 readiness in no time while keeping its teams focused on what mattered.
The Results:
- Audit-ready in weeks, not months, ahead of schedule
- Six-figure annual savings compared to traditional consulting approaches
- Minimal internal overhead for engineering and operations teams
About Ahrefs
Ahrefs is a Singapore-based SEO and marketing technology company founded in 2010, best known for its powerful all-in-one platform used by marketers, agencies, and enterprises to analyze backlinks, keywords, and website performance.
Bootstrapped since day one, Ahrefs has grown steadily to an estimated $100 million in annual revenue by 2022. Its success rests on owning one of the world’s largest web crawlers - processing trillions of links and billions of keywords - and delivering deeply integrated tools that help businesses improve search visibility and performance.
Ahrefs builds and operates most of its infrastructure in-house to support massive data demands: it crawls the web continuously and stores petabytes of data - over 500 PB (or 500 000 TB) at the time of writing - across more than 3,600 servers.
The Challenge
Ahrefs never needed certifications to prove its engineering excellence. But as the company expanded its enterprise footprint, customers began asking for ISO 27001 and SOC 2 reports.
The initiative was led by Efim Mirochnik (Head of Infrastructure) and Mauricio Fernandez (Principal Security Engineer). Their mandate:
Achieve ISO 27001 and SOC 2 Type II compliance without slowing down the company
Ahrefs wanted to:
- Strengthen customer trust through recognized certifications
- Keep their strong culture - the ISMS has to be practical and reflect how they worked, not a generic template
- Minimize manual effort for engineers and security staff
- Deliver results on an ambitious timeline tied to enterprise deals
The core challenge was balancing speed with rigor, ensuring every control, policy, and process was meaningful, efficient, and auditable.
From kickoff to full ISO 27001 certification and SOC 2 report, their ambitious objective was to be ready in 6 months.
The traditional approach wasn’t working
Ahrefs initially explored the conventional options: hiring compliance consultants or building capabilities in-house. Both paths had major drawbacks.
- Hiring in-house would take months before meaningful progress
- External consultants worked too slowly and lacked context on Ahrefs’ infrastructure and culture
Efim Mirochnik:
Our earlier collaboration with consultants had us go through ISO27001 controls to implement them and ask questions if needed. Even when we knew what to do the extent of sufficient was not clear. For many controls, it was not even clear what exactly to ask.
Our impression was that we should have 100% of all the controls implemented before turning to ISO27001 audit. We also saw ISO 27001 certification as a final goal rather than a continuous improvement process, as later emphasized by Probo.
We engaged with Probo after about 1 year after starting ISO27001 path and about 6 months after being on our own with implementing ISO27002 controls while lacking guidance.
Probo’s solution: expert-led compliance at scale.
After evaluating multiple options, Ahrefs chose Probo. Together, we transformed Ahrefs’ existing practices into an audit-ready compliance system.
1. Custom ISMS Design
Rather than imposing external processes, we documented how things already worked.
That became the foundation of Ahrefs’ Information Security Management System (ISMS): lean, practical, and scalable.
2. Embedded support
Probo worked closely with Ahrefs’ infrastructure and security teams to review risks, policies, and audit evidence - ensuring compliance without unnecessary overhead.
3. Push in the right direction
No one starts perfect, and perfection wasn’t the goal. We focused on filling real gaps, aligning documentation with practice, and keeping every change purposeful.
Results
1. Rapid compliance
Traditional Timeline: 6 to 12 months for readiness
Ahrefs + Probo Timeline: 10 weeks to audit-ready, 13 weeks to ISO 27001 certified
Ahrefs became ISO 27001 certified in less than half the usual time - without slowing engineering or product delivery.
2. Conserving internal resources
Probo’s team handled the bulk of the operational work - mapping controls, managing evidence, validating policies, assessing vendors, and coordinating with auditors - so Ahrefs’ internal teams could stay focused on product and infrastructure.
Efim Mirochnik:
We’ve stayed focused on our topics, worked on our processes and were not bugged by compliance busywork. Probo took on the heavy lifting and kept us on track. Plus, Probo’s team gave us valuable advices on implementation of some practical and useful things we lacked, not just setting a checkbox of compliance.
3. Financial returns
The project delivered measurable financial impact:
- 70-80% reduction in consultant fees compared to a traditional Big 4-style engagement
- Minimal internal cost, as Probo leveraged existing workflows and tools
- Certification was delivered just a few weeks ago, and it is already helping the enterprise team in prospection and helped prevent some big customer churn
Why It Worked
Ahrefs already had strong security and engineering discipline. Probo’s role was to formalize what worked, automate what could be automated, and simplify what didn’t add value.
Both teams shared the same principles: move fast, stay rigorous, and avoid unnecessary process.
With ISO 27001, Ahrefs continues to work with Probo to build on that foundation.
- SOC 2 Type II observation period in progress
- Expanding to ISO 42001 (AI governance) and GDPR
- Continuous improvements, tracked on Probo platform
Bryan Frimin - Probo’s CTO:
Building our services on top of our own open-source platform helps us move beyond what traditional GRC platforms or consultative support can offer. As Ahrefs and Probo evolves, we’re able to be deeply integrated into their specific needs, to provide forward-looking guidance rather than just reactive compliance.
Probo advantage
Efim Mirochnik:
Probo has been a true partner. They adapted compliance and security to our daily jobs, took the heavy lifting and enabled us to move faster than expected.
As Ahrefs continues its trajectory toward becoming not just an SEO platform but the full marketing platform, Probo ensures compliance is not in the way.
Ahrefs’ experience shows that the right approach to compliance removes friction instead of adding it.
Done right, it’s not a blocker - it’s an enabler for growth, trust, and focus.
