
How Nyaya saved 100 hours on ISO 27001 certification
“Getting ISO 27001 certified was a critical step to demonstrate our commitment to the market that we manage data in the most efficient and secure way.”

Hubert Beaulat
COO
Nyaya
Nyaya builds software solutions that help customers align their sustainability beliefs with their financial decisions.
Location
United States
Company size
Small & medium business
Industry
FinTech
Product
Security
ISO 27001 made simple: Nyaya’s journey with DataGuard
Start-ups and SMBs can lack the expertise they need to stay on top of every business challenge. No surprise – they're often too busy disrupting new markets, scrapping for customers and trying to build a plane when it’s already in the air. It’s high-octane stuff.
But what happens when a business needs to focus on the less exciting (but equally as important) jobs? What do you do when customers start demanding information security and data privacy compliance? Where do you find the expertise you need when everyone else is so busy?
Questions that Nyaya – a company helping customers align sustainability beliefs with financial decisions – found themselves asking in 2023.
Challenge
Tight timelines, growing demand, no in-house expertise
As a company developing innovative software for financial institutions, Nyaya knew that handling sensitive financial data came with high expectations. Information security quickly became a critical topic.
While the team was focused on building a strong product and delivering value to customers, they also felt a growing urgency to prove they could manage data securely and meet the strict requirements of the industry.
Potential clients began asking Nyaya's COO the same question: Are you ISO 27001 certified? Certification wasn’t just a nice-to-have—it had become a prerequisite for doing business.
Nyaya took these demands seriously—but like many small teams without dedicated compliance or security roles, the task of managing certification landed on Nyaya's COO's desk.
Key challenges:
- No in-house compliance or security expertise
- High urgency due to sensitive financial data
- Certification required to meet client demands
- Information Security Management System (ISMS) setup was complex and time-intensive
- Limited resources and capacity to manage the process
- Business risk without recognized certification
Solution
Structured platform support, expert guidance, and a strong compliance foundation
To meet client expectations and move quickly towards ISO 27001 certification, Nyaya partnered with DataGuard. The platform provided a clear structure, pre-built templates, and real-time visibility—making it easier to manage tasks and track progress. Combined with personal guidance from a dedicated expert, it gave the team exactly what they needed to close internal gaps and establish a strong, security-focused foundation from the start.
How DataGuard helped:
- Structured ISMS setup with ready-to-use templates
Pre-built ISO 27001 templates enabled the team to document processes efficiently—without starting from scratch. - Efficient documentation with minimal rework
Most procedures required little to no editing. Nyaya reduced documentation time by 66%, significantly easing the internal workload. - Training tools to build a security-first culture
With DataGuard Academy, Nyaya rolled out mandatory training and ensured the team understood key security principles from day one. - Platform visibility and control
Real-time insights into training progress and compliance activities helped the team stay on track and maintain full oversight. - Confidence in front of customers
Certification, backed by a structured approach, enabled Nyaya to meet client expectations and prove its commitment to information security.
- Expert support to close internal knowledge gaps
Personal guidance from a dedicated DataGuard expert helped Nyaya navigate each step of the certification process with clarity and confidence.
With expert support and the structured guidance of the DataGuard platform, ISO 27001 certification became a clear, manageable process—streamlined even for a team without in-house compliance resources.
Results
Faster certification, stronger foundation, and greater trust
With the support of the DataGuard platform, Nyaya turned a complex certification process into a streamlined project—achieving ISO 27001 certification on the first attempt.
Using the platform’s pre-built templates, the team documented 50 procedures with minimal rework and reduced ISMS setup time by 66%. Tasks that would have taken around 150 hours manually were completed in just 50—saving around 100 hours with clear guidance and structure every step of the way.
Beyond certification, the platform helped embed compliance into daily operations. With the DataGuard Academy, Nyaya launched three mandatory training modules and used built-in analytics to monitor completion across the team. Everything stayed on track—from documentation to team enablement.
Nyaya's key achievements:
- Certified to ISO 27001 on the first attempt
- Cut ISMS documentation time from 150 to 50 hours
- Finalized 50 procedures with minimal internal rework
- Launched company-wide security training via the platform
- Gained real-time oversight of team training progress
- Embedded scalable compliance processes from day one
Looking ahead
Continuing the journey with confidence
Achieving ISO 27001 certification was a key milestone—but just the beginning of Nyaya’s broader compliance journey. With a strong foundation in place, the team is now focused on scaling their efforts: fully migrating to the DataGuard platform, maintaining a high standard of security practices, and preparing for the transition to ISO 27001:2022.
With structured workflows, ongoing training, and real-time oversight all in one platform, Nyaya is well-equipped to turn compliance into a continuous, scalable process—ready to meet future requirements and customer expectations alike.
DataGuard experts helped this start-up to plug knowledge gaps and turbocharge ISO 27001 certification. Here's how.
Top 3 benefits for Nyaya
- Using DataGuard expertise to fill internal knowledge gaps
Real-life experts – Using dedicated experts in addition to the DataGuard platform saved time and made certification significantly easier. - Protecting commercial future by getting compliant fast
ISO 27001 certification – Passing ISO 27001 certification on the first attempt helped Nyaya to prove essential information security credentials to the market. - Creating a security-first mindset from day one
DataGuard Academy - Giving people easy access to mandatory training - and checking that they complete it on time helped Nyaya get (and stay) compliant.
Start-ups and SMBs can lack the expertise they need to stay on top of every business challenge. No surprise – they're often too busy disrupting new markets, scrapping for customers and trying to build a plane when it’s already in the air. It’s high-octane stuff.
But what happens when a business needs to focus on the less exciting (but equally as important) jobs? What do you do when customers start demanding information security and data privacy compliance? Where do you find the expertise you need when everyone else is so busy?
Questions that Nyaya – a company helping customers align sustainability beliefs with financial decisions – found themselves asking in 2023.
Real external experts fill in-house knowledge gaps
In this case, it was Nyaya COO Hubert Beaulat was asking the questions. Why? Because his potential customers were all telling him the same thing: Be ISO 27001 compliant or risk losing our business.
But like many small companies, Nyaya didn’t have dedicated people or expertise to manage the ISO certification process. So, the responsibility fell to Hubert.
“Information Security isn’t the most exciting part of my job, but it’s something I have to do at the moment because we don’t have the experience in our team,” confides Hubert. “So having someone from DataGuard who can guide me, provide explanations and help us do all the procedural heavy lifting was instrumental.”
Using DataGuard helped Nyaya reduce ISMS set-up and documentation time by 66%
And there can be a lot of heavy lifting. For example, part of the Nyaya certification process was building an Information Security Management System (ISMS). This requires a lot of documentation - a significant burden for a busy COO.
Protecting Nyaya’s commercial future by getting compliant fast
"We would have had to learn everything from scratch," says Hubert. "And with the sheer number of procedures we needed to do, it was impossible for me to learn everything. Being able to rely on DataGuard’s knowledge and experience was a total game changer."
Nyaya estimates that documenting 50 procedures for the ISMS project would typically have taken 3 hours per procedure. However, using existing templates in the DataGuard platform drastically improved that. Documents required less editing or rework— and only a handful of documents needed any adjustments at all.
The result? A reduction in time taken to 50 hours – a 66% saving.
Customers expect the highest compliance standards
There are many reasons to get ISO 27001 certified. But one of the key drivers for Hubert and his team was to demonstrate to potential customers that Nyaya held itself accountable to the very highest standards of data privacy and information security.
“We’re developing this innovative software for banks and financial institutions,” Hubert tells us. “It’s a sector where clients are particularly eager to ensure their data is fully protected. So, getting ISO 27001 certified was a critical step to demonstrate our commitment to the market that we manage data in the most efficient and secure way.”
Creating a security-first mindset from day one
But it wasn’t just a “one-and-done" effort to keep the flow of new deals open. Even at such an early stage in the development of the business, Hubert and his team wanted to focus on ongoing and continuous improvement.
“Getting ISO 27001 certified was a critical step to demonstrate our commitment to the market that we manage data in the most efficient and secure way.”Hubert Beaulat, COO, Nyaya
“We set up the company intending to build the right practices to enable us to engage with large institutions right away,” says Hubert. “And that’s really important to me. It helps establish a mindset. It's about making sure that the whole team understands what’s important and can put it into practice.”
And a great way to do that is to use the DataGuard Academy.
“We started using Dataguard Academy to make sure we have critical mandatory security training in place with the team and the platform works well. We've already chosen three compulsory training modules, and it's going great so far.”
But the DataGuard platform isn’t just a repository for critical knowledge. Admins can access analytics to understand how many users have completed training modules and assess completion rates. “I'm using the DataGuard to monitor that everybody has complied,” Hubert says. “It’s essential that we have visibility that people have completed mandatory training within the allocated time frame. The DataGuard platform gives us that.”
“We've already chosen three compulsory training modules from the DataGuard Academy, and it's going great so far.”Hubert Beaulat, COO, Nyaya
Why stay with DataGuard?
“The relationship we've built with our DataGuard expert means a lot to me,” Hubert says. “I know he’s there when I need him, and I know he’s always going to be providing guidance. Plus, we’ve still got a lot of work to do!”
So, it’s just the beginning for the ambitious start-up. While the ISO 27001 certification was a critical first step, Nyaya has ambitious plans for its ongoing compliance journey. Some of the first tasks will be to fully migrate to the DataGuard platform and plan for the transition to ISO 27001:2022.