SARLAFT · SAGRILAFT · Cybersecurity · ISO 27001

We safeguard your organization's compliance and security

Audit, anti-money laundering prevention, and cybersecurity under one team, with the regulatory rigor of SARLAFT and SAGRILAFT and a secure-development approach aligned with ISO 27001.

  • 6 specialized service lines
  • Colombia, with expansion underway to Peru and Ecuador
  • Approach aligned with ISO 27001
Bardona Audit & Consulting team presenting findings in a boardroom

Specialists in compliance, audit, and cybersecurity

We are a Colombian firm that supports regulated organizations in managing their compliance and security risks, combining deep SARLAFT and SAGRILAFT regulatory knowledge with a technical, secure-development approach.

  • A multidisciplinary team across law, audit, and technology.
  • Methodologies aligned with international standards, including ISO 27001.
  • Hands-on support, from diagnosis through implementation.
Learn more about us

We believe compliance and security aren't a burden: they're a competitive advantage when managed with the right rigor.

— Bardona Team

Compliance and security, in the field

Bardona team at workTeam session
Compliance document analysisDocument review
Client meetingClient meeting
Bardona teamOur team

Growing regional presence

We currently operate from Colombia, with expansion underway toward Peru and Ecuador.

Colombia

Active office

Head office and core operations team.

Peru

Coming soon

Expansion underway.

Ecuador

Coming soon

Expansion underway.

Let's talk about your organization's needs

Schedule a conversation with our team and discover how to strengthen your organization's compliance and security.

Contact us

Industries we serve

Sector expertise in the industries with the highest regulatory and security demands.

Banking & Financial Services
Telecommunications
Energy & Oil and Gas
Healthcare
Government
Retail
Insurance
Manufacturing
Education
Technology
Construction
Hospitality
Agriculture
Transportation & Logistics

Why choose us

  • SARLAFT and SAGRILAFT expertise

    Deep, up-to-date regulatory knowledge in AML/CTF prevention, applied by a team that audits against these frameworks routinely — not as an occasional service line.

  • Secure development and ISO 27001

    Cybersecurity is built in from the design stage, not bolted on afterward: our secure-lifecycle approach is aligned with ISO/IEC 27001.

  • Regional vision

    An operating base in Colombia, with expansion underway toward Peru and Ecuador — built for clients who need the same compliance standard across several countries.

  • Multidisciplinary team

    Legal, audit, and technology profiles working in an integrated way on every project, rather than coordinating across separate vendors.

Frequently asked questions

We answer the most common questions before you start a project with us.

How long does a typical audit or compliance project take?

It depends on scope, but an initial diagnosis usually takes 2 to 4 weeks, and a full implementation (SARLAFT, SAGRILAFT, or a cybersecurity management system) takes 2 to 4 months. In our first meeting we give you a concrete timeline for your specific case, not a generic range.

How do you protect the confidentiality of our information?

We sign a confidentiality agreement before receiving any sensitive information, restrict access to client data to the team assigned to the project, and handle personal data in accordance with Colombian Law 1581 of 2012.

What happens if you find a critical finding during the diagnosis?

We tell you immediately — we don't wait for the final report. A high-risk finding warrants a conversation the same day, with a clear containment recommendation while the full action plan is defined.

Do you work with companies outside Colombia?

We currently operate from Colombia and are in the process of expanding to Peru and Ecuador. If your organization has a regional footprint, tell us about your case — a good part of our work is already done remotely with multi-country teams.

Does support end once you deliver the report?

No. We follow up on the implementation of agreed recommendations, and for services like SARLAFT, SAGRILAFT, or SOC reports, support continues through the update and annual renewal cycles.

How does a project with Bardona start?

With a free initial conversation to understand your situation and your actual level of risk. From there we deliver a proposal with a concrete scope, timeline, and fee — no fine print.

Let's take the next step together

Write to us and we'll show you how to strengthen your organization's compliance, audit, and cybersecurity.

Contact Bardona