Curvestone

How a team of AI and automation specialists used ISO 27001 to unlock closed doors

Standards: ISO 27001
Industry: AI and automation

Introduction

Established in 2017, Curvestone embarked on a mission to assist businesses in realising their ambitions of incorporating 
AI and automation into their daily operations – enhancing workflows, liberating individuals to make substantial impacts, and empowering organisations to make transformative changes in their business models.

Dawid (Co-founder and CEO) notes that Curvestone’s ISO 27001 certification often serves as a turning point in discussions with corporate clients. He observed, “Corporates are keen to collaborate with innovative companies like us, but procurement processes and concerns about our longevity can cause reservations. When we mention our ISO 27001 certification, it instantly reassures clients of our seriousness and commitment, shifting the conversation to how we can address their business challenges.”
Beyond the commercial benefits, Curvestone’s management found that the process of integrating the security standards into their operations instilled a newfound confidence in the team, from data handling to development against secure standards.

Approach and Implementation

Over a span of five months, twoSB collaborated with Curvestone to construct an ISO 27001 certified Information Security Management System. Breanna (Co-founder and CDO) remarked, “Working with twoSB was a delight. They truly grasped our business needs and ensured that the system we developed was tailored to us. Staff communication and engagement were crucial – while elements of ISO 27001 are indeed scientific, there’s an art to perfecting it, and twoSB’s consultancy helped us achieve that!”

A key success factor in the implementation with Curvestone was the high level of team engagement. Seb (Co-founder and CPO) believes this was achieved through:

System integration:

Utilising the company’s existing tech stack, including Airtable & Notion, to create an accessible and actionable framework.

Founder involvement:

The active participation of the founders in the process, which created a gravitational pull, drawing the team into the system.

Focus on communication:

Strategically planned communications with twoSB’s assistance. Briefing sessions were used to engage the team

Widening involvement:

Assigning ownership of specific project elements to key individuals and holding them accountable for success.

Although Curvestone anticipated the benefits that ISO 27001 brought in terms of securing key contracts and improving information security, they also found unanticipated benefits. These included increased staff confidence in their work, higher development and deployment standards, peace of mind for Curvestone’s management, high staff engagement in security, and assurance that legal duties were fulfilled.

Dawid, Seb, Breanna understood that achieving ISO 27001 certification was the beginning of an ongoing journey. 4 years on, twoSB have continued their relationship with Curvestone, and are helping them navigate security and compliance elements related to the release of their new AI product, WorkflowGPT.