Privacy concerns in eCommerce projects – Neuralab path to ISO 27001 standard

We quickly realized that eCommerce systems, especially with enterprise clients, assumed large amounts of private data, heavy testing and important security controls. These data points include mostly private user data, but also internal business data such as product orders, accounting ratios and product stock levels. Our development team started to evolve good DevOps practices and, to this day, currently utilizes a set of enterprise-grade systems:

• We deploy client applications only on Google Cloud Platform with the help of our DevOps partner Kinsta
• Our local development process is based on GIT version control and Bitbucket repositories. Attached DeployBot system is looking after what code goes to staging or live servers
• Design and production team is auditing web applications as they go live to ensure maximum reliability of Customer eXperience (CX)

All in all, we had these major processes in place as they were also long-run time saviors. Additionally, we wanted to ensure that all risks, processes and handling of sensitive data are also in place. Having the right development tools is one thing, but handling private eCommerce data is a completely different topic. This is where we started to implement ISO 27001 standard. In short, ISO 27001 is a set of standardized practices in a form of guides, procedures and documents that are known and tested by the entire Neuralab crew. Also, our team conducts yearly internal audits to see whether the production is really following ISO guidelines and practices on how to handle IT systems and various data points.

The process of implementing ISO started in July 2019 and ended in February 2020. These 8 months were full of documentation writing, process changing and knowledge building as we tweaked all of our connecting parts, especially ones that have a direct connection with our clients and their data. 

But did anything change for our current clients? From a daily perspective not much. We will still use the Kanban process through Trello and version control (GIT) for our eCommerce applications. I believe the biggest impact will be the strategic and safeguarding aspects of private data. Taking care of privacy (GDPR) concerns, constantly testing applications and making sure our “business continuity” is truly continuous – these will be the cornerstones of our production towards clients. We will simply make sure that they (and their data) are in capable hands – ISO standard is just one more pillar of our philosophy – providing robust eCommerce web applications. Also, this work would not be possible without the Croatian state grant and their help in conducting the whole project.

Let us know if you have any comments or questions regarding our ISO 27001 practices. Even if you’re an IT company wanting to set up these practices in-house… contact us freely!

Photo credit: National Cancer Institute at Unsplash // Description: A librarian at the National Library of Medicine (NLM) is using an IBM computer to access PDQ. The Physicians Data Query was designed by the National Cancer Institute to help physicians obtain information about the most up-to-date protocols, physicians, and clinics treating cancer patients. 1987