We helped Niice get their ISO certification

We're so happy to share that Niice achieved their ISO certification, and we played a small part in it.

Niice, who are an amazing brand hub for creative teams, recently got their ISO 27001 certification, and we helped! In this post we gush a bit because they are one of our favourite clients and we’re really happy for them.

What is ISO 27001?

ISO 27001 is a standard that helps companies protect their information.

It provides a framework for managing and securing sensitive data like customer or employee data. Think of it like a set of rules and guidelines that help companies keep their information safe from unauthorised access, theft, or damage.

To comply with ISO 27001, companies need to identify and assess the risks to their information, and then put in place measures to reduce those risks. This could involve things like setting strong passwords, encrypting data, regularly backing up information, and restricting access to certain individuals. The goal is to create a secure environment where information is properly managed and protected.

Why get ISO 27001?

There are loads of reasons that companies decide to go for certification; the most common one is that their clients ask for it. Keeping a client’s IT team happy can really help reduce the sales process!

Niice were in an excellent position to attempt certification though, because they were already doing lots of the stuff they would need to do; they just weren’t shouting about it in ways that IT teams would be happy with.

Niice did some incredible work

If you’ve been a part of the Northern Ireland tech or web scene for any number of years you have maybe spoken to the founder of Niice, Chris Armstrong.

One of the things they aren’t great at is tooting their own horn, so let me take a few sentences to congratulate the Niice team for their work on this.

Chris has put together an amazing company, small by design and serving companies 100 times their size with a really solid product built on excellent principles.

It is a testament to the entire team that the majority of the work involved highlighting and documenting what was already being done, with only minor tweaks to current processes needed.

I’ve worked with lots of companies the same size and shape as Niice who would have a lot harder a time of getting through an audit!

Any time I needed to steal someone’s attention to help clarify or work on something ISO 27001 related, people were more than willing.

The end result of all of this ISO work, Niice’s ISMS, I think is a great reflection of Niice as a company. It follows the spirit of all relevant standards, but in a uniquely Niice way. By which I mean, low touch, high trust, and well designed.

Five adults standing in a sunny street holding ice creams and iced drinks. Four of the people work for Niice and one of them is Toby who works for tosbourn ltd.
Little did we know this would be one of the last times we had an ice cream without being ISO 27001 certified!

How we helped

More than a year ago we started discussing how if we had ISO 27001 certification it would save so much time over responding to long lists of security questions from potential clients.

I opened my big mouth and mentioned that I’d helped folk like Barnardo’s keep their ISO 27001 certification before. Fast forward several months and I’m helping walk an auditor through our development processes!

Lots happened between me piping up and us passing the audit.

We worked closely with the internal Niice team and their ISO delivery partner, Vertical Structure, to lead on the technical policies and ensuring all controls were in place and adhered to.

This meant lots of writing and editing. It is a challenge to come up with policies and procedures that allow a small team to work at pace and stay within policy.

As I mentioned, Niice were already doing lots of the right stuff. So another challenge was making sure that all this stuff is evidenced without disrupting the day-to-day flow too much.

You might wonder, if they had a delivery partner, why they’d also need to work with us on it.

Because of our previous work, we were in a unique position of knowing the tech stack Niice use incredibly well. By working with us their technical team can continue to work on the roadmap whilst we make sure any policies work with their stack and team.

This is just the beginning

Anyone who has been involved in ISO certification will tell you, the certificate is just the first step. The real work comes when the controls are poked and prodded by the real world under use.

We have every confidence in the team that they will be able to ace follow-up audits; we will of course provide support when and where needed.

Congratulations again to Niice, and thank you for letting us be a part of it!

