How Docue earned ISO 27001 certification on their own terms

How Docue achieved full ISO 27001 certification across their entire organization, passing the audit with zero major non-conformities using Cyberday.

ISO 27001 completion: 100%
Major non-conformities in audit: 0
Industry: Software
Company: Docue

Docue is a fast-growing legal tech company helping businesses create legally binding documents quickly and confidently. Their smart platform combines automation, expert-built templates, and electronic signing in one solution.

Today, SMEs across Europe rely on Docue to handle everything from employment contracts to commercial agreements, with localized legal content for Finland, Sweden, Germany, the UK, and Poland.

As their customer base grew, especially with large, security-conscious enterprises, Docue needed to strengthen their information security posture. Instead of hiring consultants or launching a complex project, they turned to Cyberday.

Compliance pressure kicks in

Docue had strong security practices in place from the start, especially around product development and maintenance. But these practices weren’t formally documented or structured under any recognized compliance framework.

“We weren’t aiming for a certificate initially,” said Lars Remes, Docue’s product manager and CISO. “But our customers, some of them large public companies, started asking questions. Eventually, the pressure to prove compliance became unavoidable.”

NIS2 and national cybersecurity laws added to that urgency. Docue realized ISO 27001 certification would soon be a baseline requirement for vendors like them.

They needed a solution that wouldn’t pull team members away from their core work.

“We evaluated different solutions. What appealed about Cyberday was that it gave us the tools and knowledge to handle the work ourselves, at our own pace.”
Lars Remes, Product Manager & CISO, Docue

A system that fit

Docue chose Cyberday because it gave them control. “We could get started immediately, without needing to schedule a kick-off workshop or make a big project plan,” Lars said.

Even without a certification goal at the outset, Cyberday gave them a concrete path forward. They started small, getting visibility into what needed to be done, and gradually involved more people from finance, administration, and other departments.

“It was important that we could start using the system without having to commit to a huge project,” Lars said.

Cyberday’s structured task lists, role assignments, and dashboard views helped Docue bring structure to what was a significant, months-long effort.

"We just set the goal: everything needs to be green in Cyberday. That gamified the process in a good way."

“Cyberday helped us stay on top of the process, but certification still required sustained commitment from across the company,” Lars said.

How to utilize Cyberday

Risk-based compliance management

Your security team can automate risk assessments, linking mitigation actions directly to compliance requirements.

Seamless policy & documentation handling

Instead of juggling multiple spreadsheets and documents, our platform allows you to manage all policies, controls, and audit evidence in one place.

Automated reporting

Generating reports for audits and regulatory bodies is now quick and automated, reducing administrative overhead.

Lessons learned

Lars’s advice to others: set realistic goals early on. Don’t aim for perfection. Focus on what's critical, and improve from there.

Many teams overcomplicate ISO 27001 by trying to implement every possible control right away. Lars recommends the opposite:

"The standard requires one or more controls for each topic. Cyberday made it easy to identify existing controls and gave ideas for new ones."

Lars recommends each organization define their own target level when getting started. That makes it easier to move forward, avoid getting stuck, and build a solid base for continuous improvement.

“We tried to do everything perfectly at once. In hindsight, it would’ve been enough to start simpler and build from there.”

This mindset shift helped the team avoid unnecessary work, while still meeting the requirements and passing the audit cleanly.

Moving forward

Docue’s ISO 27001 certification followed a comprehensive, independent audit, and they passed it on the first try, with no major non-conformities. It was a significant company-wide effort, covering all teams and operations across the Docue Group.

“Now we have a system in place. We’re operating on a continuous improvement cycle, and Cyberday helps us stick to it,” Lars said.

But certification isn’t the end point. Maintaining it requires annual audits, regular internal reviews, and a commitment to constant improvement. Docue is continuing to invest in its security management system to stay ahead of evolving threats and expectations.

Cyberday gave them the structure to manage the work internally, and on their terms, without turning it into a heavyweight project.

The result? A successful ISO 27001 certification, better internal alignment, and a scalable way to meet evolving security and compliance demands.
