Ellie.ai earns enterprise trust with ISO 27001 certification as a startup

ISO 27001 is a sign of trust for enterprise clients. Here's why the Finnish startup Ellie.ai went for the certification to ease its enterprise sales process.

Industry: SaaS
Company: Ellie.ai

Ellie.ai is a 17-person software company building data modeling tools for enterprise customers. As security became a growing need in their customer base, they set out to earn ISO 27001 certification. Cyberday helped them build a clear security system, and shift the entire company’s mindset in the process.

Vendor assessments are a gatekeeper to new deals

Ellie.ai’s customers are large international organizations, many of whom already hold certifications like ISO 27001. That means their vendors, including Ellie.ai, are expected to meet equivalent security standards.

In practice, every new sales opportunity comes with a detailed security questionnaire. These are used to evaluate whether a supplier’s practices are trustworthy and compliant. Mikael Lavi, the company's Software Architect and DPO, explains:

“Every questionnaire is rooted in the same thing: if the customer is certified, they must ensure their supply chain is too. That leads to a long list of questions for us.”

These reviews can span hundreds of questions and always require manual attention. But without structured processes, they hinder sales velocity far more than necessary.

“We wanted to remove friction from negotiations. Having a certificate and a ready-made package makes the conversation smoother and builds trust faster.”

Challenge: Building trust without burning out

Security wasn’t new to Ellie.ai, but their process was far from scalable. Responses to customer questionnaires were put together manually in Google Drive. It worked to a point, but quickly slowed things down.

“For us, certification was a way to show we take security seriously. But more than that, it makes it easier to close deals with large customers.”

The benefits were clear. But as a small team, the project felt overwhelming at first.

“Starting out felt like walking into a tunnel with no light at the end of it. We had no idea what exactly needed to be done.”

Solution: Cyberday brought clarity and direction

In early 2025, Ellie.ai kicked off their security initiative, with a clear goal: achieve ISO 27001 certification. They compared several tools, from major international players to local providers, and ultimately chose Cyberday.

“It was refreshing to find a Finnish provider with a practical, clear platform. And it felt good to support a local company too.”

Cyberday gave Mikael and his team the structure to move forward step by step. Built-in guidance and documentation support helped translate security goals into daily action. Customer support played a key role as well:

“Whenever we weren’t sure what to do next, we just booked time with a Cyberday expert. After the call, we’d have a clear way forward.”

Before Cyberday: Security without structure

Before adopting Cyberday, Ellie.ai handled security in a scattered way: storing files and documents in shared folders with no real framework.

“We didn’t start completely from scratch, but we had no structure. Cyberday gave us the foundation and tools to build a real system.”

Cyberday’s Trust Center and documentation tools also made it easier to communicate their security posture externally, reducing back-and-forth and helping customers find what they need faster.

Results: Certification, culture shift, and confidence

Ellie.ai earned their ISO 27001 certification in November 2025, just a few weeks before this interview. They completed the entire project without outside consultants, investing time but gaining expertise.

“Because we did the work ourselves, we now truly understand how our security system works. It wasn’t a one-off project, and now it has become part of our daily operations.”

One of the most visible results has been a cultural shift. Security is no longer one person’s responsibility; it’s something the entire company considers in their work. Mikael notes:

“People now come to ask: ‘Does this have a security impact?’ That’s a huge shift. The whole team is thinking about security proactively.”

Although the certificate hasn’t yet directly “won” them deals, Mikael says the difference in the sales process is already noticeable:

“If a questionnaire doesn’t come because we’re certified, that’s already a win. And when they do, it’s much easier to respond as everything is already in place.”

Advice for others in the same position

Mikael encourages others starting similar projects to seek out peers who’ve already been through the process and learn from them early on.

“I wish I had asked more questions from people who’ve done this before. Every company thinks their case is unique, but usually someone has solved the same problem already.”

Ellie.ai made full use of Cyberday’s support throughout the project. Expert sessions helped clarify the next steps and keep the team moving.

“There were times when our core team felt quite lost. When that happened, we just reached out and always got clear, helpful answers. That gave us confidence to keep going.”

What felt impossible became achievable

While Cyberday isn’t a one-click certification machine, it did give Ellie.ai the structure, support and direction to build a security management system that fits their business. And it helped them reach ISO 27001 certification efficiently.

“Cyberday gave us the structure, the support, and the direction. Without it, we’d probably still be piecing things together in Google Drive.”

How to utilize Cyberday

Risk-based compliance management

Your security team can automate risk assessments, linking mitigation actions directly to compliance requirements.

Seamless policy & documentation handling

Instead of juggling multiple spreadsheets and documents, our platform allows you to manage all policies, controls, and audit evidence in one place.

Automated reporting

Generating reports for audits and regulatory bodies is now quick and automated, reducing administrative overhead.