Systems & Partnerships
Process
ISO 9001:2015
Here at Zoocha, quality is one of our four core values. Whether that be quality processes, quality products, quality services; we look to provide our clients with quality in whatever form of interaction they may have with us.
Quality, of course, is something that needs to be demonstrated rather than just talked about which is why wanted to achieve the ISO 9001:2015 certification.
This certification was achieved based around our existing project management methodology (largely scrum-based), and our tried and tested day-to-day processes - rather than anything developed and implemented for the purposes of achieving ISO 9001 status. Our certification was awarded by SOCOTEC, a UKAS accredited organisation.
Our final audit took place in September 2017, and was formally recognised in November 2017. We have since then successfully passed re-certification in November 2020 and November 2023. What we hope the ISO 9001 certification demonstrates to our clients is that we have the processes in place to deliver our best work consistently.
This ISO 9001 certification covers our design, development and maintenance services for Drupal applications, including cloud hosting, software and support. The scope wording is:
“The design, development, maintenance and support related to Drupal web applications, including cloud hosting, software and support.”
Please see our latest ISO 9001:2015 certificate which is valid until November 2026.
ISO 27001:2022
As with the case of quality being one of our core values, and how we wanted to demonstrate that we had processes in place to ensure that clients always got our best work by achieving ISO 9001 certification, trust is also another of our core values. An important part of this trust is ensuring that our clients can be confident that we are looking after their data and systems in a responsible and secure manner.
Zoocha already adhere to the government-backed Cyber Essentials Plus scheme, so the next logical next step in demonstrating our security credentials and capability so to achieve ISO 27001 certification.
ISO 27001 is the international standard that describes best practice for an information security management system (ISMS) and is awarded following an independent, expert assessment by a UKAS accredited certification body (in our case, SOCOTEC) of whether your data is adequately protected.
We received our ISO 27001 certification in November 2017, following two audit phases over the summer of 2017. We have since then successfully passed ISO 27001 re-certification in November 2020 and November 2023.
For us, holding the ISO 27001 certification status signifies that we are actively following information security best practice, and that our clients can trust Zoocha to safely manage the security of their data. This is paramount in a climate where cyber security is a major concern to both consumers and organisations online, and where exploits and vulnerabilities are continually being unearthed.
Our ISO 27001 certification covers our design, development and maintenance services for Drupal applications, including cloud hosting, software and support. The scope wording is:
“The design, development, maintenance and support related to Drupal web applications, including cloud hosting, software and support.”
Please see our latest ISO 27001:2022 certificate which is valid until November 2026.
ISO 27701:2019
In July 2024 Zoocha were awarded with the ISO 27701:2019 certification for Privacy Information Management.
This standard builds on the ISO 27001 standard, and focuses specifically on managing personal data. The scope coverage of this certification is the same as for our ISO 27001 certification.
By integrating ISO 27701 into our existing Information Security Management System (ISMS), we are not only enhancing our compliance framework, but also reinforcing our commitment to privacy by design.
This ISO certification underscores Zoocha's commitment to safeguarding privacy and strengthening data protection processes and procedures.
Please see our ISO 27701:2019 certificate, which is valid until November 2026.
Scrum Alliance - Certified ScrumMaster
Our Project Managers hold ScrumMaster Certifications by the Scrum Alliance certification body. Scrum is an Agile framework methodology that is ideally suited for completing complex projects. Scrum was originally designed for software development projects back in the early 1990's, but its approach works well for modern day web based application and platform development projects with non-trivial requirements.
ICO (Information Commissioners Office) Registered
"The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO), unless they are exempt."
Zoocha have been registered with the Information Commissioners Office as a Data Controller since January 2016.
Information Technology Infrastructure Library (ITIL)
In order to work and communicate effectively across a broad group of stakeholders within our larger, more institutional clients, it became apparent that we needed to deepen our understanding of the Information Technology Infrastructure Library (ITIL).
In early 2016, 3 of our team members achieved ITIL Foundation Certification, with further team members achieving the certification since. Our aim is for everyone at Zoocha who is working in a support or service function to become ITIL certified.
The ideas and language within ITIL has helped shape, and to a large part define our incident, change, service and support processes.
Cyber Essentials PLUS
Cyber Essentials PLUS is a UK Government scheme that aims to help you protect your organisation against a range of cyber attacks. This self-assessment accreditation was a useful exercise to go through ahead of our ISO27001:2013 journey.
Zoocha have been Cyber Essentials Certified since January 2016, and achieved the improved Cyber Essentials PLUS standard in October 2018, which we have been continuously revalidating.
Please see our most recent attainment of our Cyber Essentials Plus certification.
ISO 14001:2015
The ISO 14001 standard provides a framework that Zoocha follows in order to operate an effective Environmental Management System (EMS), in that our environmental impact across all business areas is being measured and improved upon.
The scope of our ISO 14001 certification covers all of the Zoocha business processes in the delivery of services:
“The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support.”
This ISO 14001 certification builds upon the ISO 27001 (Information Security Management) and ISO 9001 (Quality Management) certifications that we have had in place since 2017 (which were also achieved through a UKAS accredited certification body), by broadening our business processes with environmental and sustainability considerations, measurements and targets.
With our Environmental Management system now in place and fully operational, we have set the ambitious target of being carbon Net Zero by 2025 and have a number of in-flight initiatives in order to achieve this.
We hope that our ISO 14001 certification will demonstrate to all our stakeholders that our approach to environmental and sustainability is not something that we just talk about, but can also now evidence through a documented and live, externally verified set of business processes.
Please see our latest ISO 14001:2015 certificate which is valid until August 2025.
ISO 22301:2019
ISO 22301:2019 is a globally recognized standard that specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS). This ensures that organisations such as Zoocha can respond effectively to disruptions, safeguarding their operations, people, and clients.
The scope of our ISO 22301:2019 certification covers all of the Zoocha business processes in the delivery of services:
"The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support."
Achieving this certification demonstrates our dedication to operational excellence. It reflects our ability to not only anticipate and mitigate potential disruptions but also to ensure continuity and recovery of critical functions under any circumstances. This reassurance is vital for us, our clients, and stakeholders.
As part of the certification process, we underwent a rigorous evaluation of our business continuity strategies and response plans. This assessment ensured that our BCMS aligns with international best practices and is capable of supporting continuous improvement.
This achievement adds to our existing ISO certifications, which include ISO 9001, ISO 27001, and ISO 14001.
Please see our ISO 22301:2019 certificate which is valid until January 2027.
Government baseline personnel security standard
The Government baseline personnel security standard (BPSS) can be described as the required level of screening for any individual who is working with, or on behalf of a UK government department, in order to provide a level of assurance as to those individuals honestly, integrity and trustworthiness.
BPSS checks were introduced in order to help mitigate the risk of identity fraud, illegal workers and to go someway towards protecting national security through reducing some of the risks associated with individuals working with potentially sensitive information. BPSS is now also becoming the standard level of screening that is expected in the energy, communications and financial services sectors.
The BPSS check consists of verifying the following four areas (RICE):
- Right to work: Nationality and Immigration Status (including an entitlement to undertake the work in question)
- Identity: ID Data check (electronic identity authentication- name, address, aliases, links, accounts, etc.)
- Criminal Records: Search for unspent convictions only (Basic Disclosure)
- Employment history check: Confirmation of past 3 years employment (minimum) history / activity
In addition to this, candidates are required to disclose any significant periods spent abroad (6 months or more in the past 3 years).
The full Zoocha team is BPSS cleared.
Commercial / Procurement
G-Cloud 13
Zoocha have been part of the UK Government Digital Marketplace since G-Cloud 4. The current iteration of the framework is G-cloud 13 and buyers can use the Digital Marketplace to find and compare cloud hosting, software and support with this framework.
There are thousands of cloud services on the Digital Marketplace who have all:
- confirmed information about their company and the way they work
- added information about the services that they offer
Current G-Cloud Services
- Drupal 10 Support
- Drupal 10 Cloud CMS
- Drupal Cloud CMS Implementation
- Drupal Cloud Hosting
- Drupal Consultancy
- Drupal 7 Support
- Drupal 9 Support
- Drupal 7 Cloud CMS
- Drupal 9 Cloud CMS
Digital Outcomes and Specialists
Zoocha are listing on Digital Outcomes and Specialists, a dynamic services procurement framework that enables public sector organisations to buy, design, build and deliver digital outcomes using an agile approach, by procuring the appropriate specialist resource or service to deliver agile software development.
Lot 1 (Digital Outcomes) includes:
- user experience and design
- performance analysis and data
- security
- service delivery
- software development
- support and operations
- testing and auditing
- user research
Crown Commercial Service Provider
The Crown Commercial Service (CCS) provides commercial and procurement services to public sector organisations in the UK. By using CCS agreements, public sector buyers can access commonly used goods and services quickly and cost effectively, complying with all EU and UK procurement regulations.
Zoocha has been a CCS service provider since 2013. Our services can be procured through the G-cloud and Digital Outcomes and Specialists (DOS) frameworks.
Dynamic Purchasing System (DPS)
This Dynamic Purchasing System (DPS) is a platform for the provision of Digital Services to public sector organisations in Scotland, providing access to a range of digital skills, including cyber expertise, as well as supporting the delivery of agile projects.
The Digital Services on DPS are split into 3 lots:
- Lot 1 – Digital Projects
- Lot 2 – Digital Resources
- Lot 3 – Cyber Security Services
Technical
AWS
AWS has been our preferred hosting partner since 2010 when we launched one of our early websites on it. Since then we’ve evolved from launching a basic site on a single EC2 instance, to instinctively provisioning highly-available, resilient stacks using a the full suite of AWS services at our disposal. We are also avid attenders of AWS conferences, subscribe to the AWS blog, and organise regular knowledge share sessions. We therefore have a great deal of familiarity and exposure of AWS within the team. This knowledge has also remained in our team due to our exceptionally low staff turnover.
We have also started ratifying our partnership with AWS by building closer links with various contacts within AWS, and working with members of the AWS team on joint bids.
Within our team we currently have 1 team member who has achieved the "AWS Certified Solutions Architect - Associate" certification, and several more team members who are planning to organise their AWS certification exams in early 2018.
Nielson Norman Group (NN/g) UX Certification
Understanding how and why a page works, on every device, is at the very core of producing a successful design. At Zoocha we have in depth knowledge and experience in making designs that will work for you and your customers.
The Nielson Norman Group who are internationally recognised as thought leaders in the field of UX, with their widely published and often quoted principals of Jakob Nielsen, Don Norman and Bruce Tognazzini setting their standards and leading them.
The NN/g's training and UX Certification that we achieved gave us in-depth, targeted learning about the most important UX areas, effective UX techniques and about how to deliver consistent high quality UX output.
Acquia Community Partner
We have been working with Acquia since 2012 on a variety of projects, including our work with the Financial Conduct Authority, and Payment Systems Regulator.
We have strong experience across the team in setting up and maintaining websites on their platform using their product interfaces. In addition to this we are also capable of interacting with the Cloud API so that more granular control of their deployment processes and such can be achieved, such as integration with automated testing.
Acquia Certified Developers
In the same way that it can sometimes be difficult to give clients confidence in capability in relation to quality or security, without an ISO or equivalent certification, that same thinking often applies to programming / technical ability. Historically we've always pointed to number of years experience, successful projects delivered, academic qualifications from top universities, community contributions and such to demonstrate that we know what we are doing. However, this didn't give an accurate indication of how well we knew the "thing" that we were being asked to work on (Drupal).
Since we formed back in 2009, the growth in the number of agencies offering Drupal as a service, or even proclaiming to be out-and-out Drupal specialists has exponentially increased. With that, it has made it all the more difficult for clients that are new to Drupal to be able to disseminate where the true Drupal experience and talent can be found.
The certifications offered by Acquia offer some solution to this problem as they allow developers to take a 90 minute test under controlled examination conditions in order to ascertain the level that they are currently at.
In the last third of 2017, Zoocha started a programme which aimed to get all of our developers Acquia certified. Thus far we have achieved 25 of Acquia's “Drupal Triple” certifications, as well as various other Drupal certifications across a great number of team members. Review the Acquia register to track our progress.
Drupal Association
Zoocha are an Organisation level member of the Drupal Association. In addition to this, most team members are also Individual members of the Drupal Association.
The Drupal Association is dedicated to supporting Drupal along with its community. The Drupal Association helps the Drupal community with funding, infrastructure, education, promotion, distribution and online collaboration at Drupal.org.
Over the years we have supported the Drupal Association through our attendance at all European DrupalCon events since 2011, along with sponsoring them up to "Platinum" level. On top of this, team members regularly attend UK based DrupalCamp events promoted by the Drupal Association, and offer up our office space for Drupal "code sprints".
FSQS (Financial Services Qualification System)
Zoocha is a Financial Services Qualification System (FSQS) certified supplier, which demonstrates compliance with regulations, policies and governance controls, which financial institutions such as Banks, Building Societies, Insurance Companies and Investment Companies seek from their suppliers.
This means that Zoocha's Drupal services can be procured with confidence by such institutions, and other security-conscious organisations, knowing they are dealing with a fully registered FSQS-certified company.
Achieving the FSQS certification involved completing 2 stages of assessment, where various security focussed questions had to be completed, along with evidencing our various internal policy and procedure documents. Being ISO 27001 certified already, along with possessing a Cyber Essentials Plus certification meant that a large part of the scope of the FSQS certification was covered already by our ISMS.
Zoocha have been FSQS certified since September 2022, and look forward to maintaining the certification for many years to come.