When we started AhaSend, we made a deliberate choice to build on European infrastructure, under European law, for customers who take compliance seriously. That wasn't a marketing decision. It was a conviction about how a company handling other people's customer data should operate.
ISO 27001 is the next step in that conviction.
Last month we started the certification process. Not because a customer demanded it or a competitor announced it. But because it is the right thing to do when you're asking businesses to trust you with the email infrastructure behind their software.
What ISO 27001 actually means
ISO 27001 is the internationally recognised standard for information security management. It doesn't just ask whether you have the right controls in place. It requires you to demonstrate a systematic, documented approach to identifying risks, implementing controls, monitoring effectiveness and continuously improving.
Done properly, it's not a checkbox. It's a forcing function. Working through it means reviewing every aspect of how we handle data, manage access, respond to incidents, and maintain operational continuity. It makes us a more rigorous, more trustworthy service.
Who we're working with
We're working with two specialists to guide the process.
Tidal Control is leading the information security management framework. Tidal specialises in helping technology companies build structured, audit-ready security programmes.
Riskwork is handling the risk management side. Sound risk assessment is the backbone of ISO 27001.
Where we are
The process is underway. We're working through risk assessment, control implementation, documentation, and preparation for the formal audit. We'll keep you posted along the way and announce certification when it's done.