How Nyaya saved 100 hours on ISO 27001 certification

DataGuard experts helped this start-up to plug knowledge gaps and turbocharge ISO 27001 certification. Here's how.

Start-ups and SMBs can lack the expertise they need to stay on top of every business challenge. No surprise – they're often too busy disrupting new markets, scrapping for customers and trying to build a plane when it’s already in the air. It’s high-octane stuff.

But what happens when a business needs to focus on the less exciting (but equally as important) jobs? What do you do when customers start demanding information security and data privacy compliance? Where do you find the expertise you need when everyone else is so busy?

Questions that Nyaya – a company helping customers align sustainability beliefs with financial decisions – found themselves asking in 2023.

Real external experts fill in-house knowledge gaps

In this case, it was Nyaya COO Hubert Beaulat was asking the questions. Why? Because his potential customers were all telling him the same thing: Be ISO 27001 compliant or risk losing our business.

But like many small companies, Nyaya didn’t have dedicated people or expertise to manage the ISO certification process. So, the responsibility fell to Hubert.

“Information Security isn’t the most exciting part of my job, but it’s something I have to do at the moment because we don’t have the experience in our team,” confides Hubert. “So having someone from DataGuard who can guide me, provide explanations and help us do all the procedural heavy lifting was instrumental.”

Using DataGuard helped Nyaya reduce ISMS set-up and documentation time by 66%

And there can be a lot of heavy lifting. For example, part of the Nyaya certification process was building an Information Security Management System (ISMS). This requires a lot of documentation - a significant burden for a busy COO.

Protecting Nyaya’s commercial future by getting compliant fast

"We would have had to learn everything from scratch," says Hubert. "And with the sheer number of procedures we needed to do, it was impossible for me to learn everything. Being able to rely on DataGuard’s knowledge and experience was a total game changer."

Nyaya estimates that documenting 50 procedures for the ISMS project would typically have taken 3 hours per procedure. However, using existing templates in the DataGuard platform drastically improved that. Documents required less editing or rework— and only a handful of documents needed any adjustments at all.

The result? A reduction in time taken to 50 hours – a 66% saving.

Customers expect the highest compliance standards

There are many reasons to get ISO 27001 certified. But one of the key drivers for Hubert and his team was to demonstrate to potential customers that Nyaya held itself accountable to the very highest standards of data privacy and information security.

“We’re developing this innovative software for banks and financial institutions,” Hubert tells us. “It’s a sector where clients are particularly eager to ensure their data is fully protected. So, getting ISO 27001 certified was a critical step to demonstrate our commitment to the market that we manage data in the most efficient and secure way.”

Creating a security-first mindset from day one

But it wasn’t just a “one-and-done" effort to keep the flow of new deals open. Even at such an early stage in the development of the business, Hubert and his team wanted to focus on ongoing and continuous improvement.

“We set up the company intending to build the right practices to enable us to engage with large institutions right away,” says Hubert. “And that’s really important to me. It helps establish a mindset. It's about making sure that the whole team understands what’s important and can put it into practice.”

And a great way to do that is to use the DataGuard Academy.

“We started using Dataguard Academy to make sure we have critical mandatory security training in place with the team and the platform works well. We've already chosen three compulsory training modules, and it's going great so far.”

But the DataGuard platform isn’t just a repository for critical knowledge. Admins can access analytics to understand how many users have completed training modules and assess completion rates. “I'm using the DataGuard to monitor that everybody has complied,” Hubert says. “It’s essential that we have visibility that people have completed mandatory training within the allocated time frame. The DataGuard platform gives us that.”

Why stay with DataGuard?

“The relationship we've built with our DataGuard expert means a lot to me,” Hubert says. “I know he’s there when I need him, and I know he’s always going to be providing guidance. Plus, we’ve still got a lot of work to do!”

So, it’s just the beginning for the ambitious start-up. While the ISO 27001 certification was a critical first step, Nyaya has ambitious plans for its ongoing compliance journey. Some of the first tasks will be to fully migrate to the DataGuard platform and plan for the transition to ISO 27001:2022.