Systems & Partnerships

ISO 27001:2022 is the internationally recognised standard for Information Security Management Systems (ISMS). It provides a structured framework for managing information security risks and protecting the confidentiality, integrity and availability of information across an organisation.

At Zoocha, information security is fundamental to how we operate. Our clients trust us with their websites, applications, infrastructure and data, and our ISO 27001:2022 certification demonstrates our commitment to protecting these assets through robust governance, risk management and security controls.

The scope of our ISO 27001:2022 certification covers all of the Zoocha business processes in the delivery of services:

"The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support."

Achieving (back in 2017) and maintaining ISO 27001 certification demonstrates that Zoocha has implemented a comprehensive Information Security Management System that is independently assessed against internationally recognised best practices. This provides assurance that information security is embedded throughout our organisation, from project delivery and software development to hosting, support and internal operations.

For our clients, this means confidence that security risks are actively identified, assessed and managed through a continual improvement process. It also demonstrates our commitment to maintaining effective controls that support compliance, resilience and the secure delivery of digital services.

As part of the certification process, our Information Security Management System is regularly audited by a UKAS-accredited certification body to ensure ongoing compliance with the standard and continued effectiveness of our security controls.

This certification complements Zoocha's wider portfolio of ISO certifications, including ISO 9001, ISO 14001, ISO 20000-1, ISO 22301 and ISO 27701, providing a strong foundation for secure, reliable and high-quality service delivery.

Please see our latest ISO 27001:2022 certificate, which is valid until 13 November 2026.

ISO 9001:2015 is the internationally recognised standard for Quality Management Systems (QMS). It provides a framework for organisations to consistently deliver products and services that meet customer requirements while driving continual improvement across their operations.

At Zoocha, quality is one of our core values. From digital strategy and user experience design to software development, hosting and support, we are committed to delivering high-quality services that create value for our clients and their users.

The scope of our ISO 9001:2015 certification covers all of the Zoocha business processes in the delivery of services:

"The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support."

Zoocha first achieved ISO 9001 certification in 2017 following an independent assessment by a UKAS-accredited certification body. Since then, we have successfully maintained and renewed our certification through ongoing surveillance and re-certification audits, demonstrating our long-term commitment to quality management and continual improvement.

For our clients, ISO 9001 provides assurance that Zoocha operates consistently, measures performance, manages risk and continually seeks opportunities to improve the quality of its services. It reflects our commitment to delivering projects and ongoing services that meet expectations while maintaining high standards of professionalism, reliability and customer satisfaction.

Our Quality Management System is regularly audited by a UKAS-accredited certification body to verify its effectiveness and ensure continued compliance with the standard.

This certification complements Zoocha's wider portfolio of ISO certifications, including ISO 14001, ISO 20000-1, ISO 22301, ISO 27001 and ISO 27701, demonstrating our commitment to quality, security, resilience, service excellence and responsible business practices.

Please see our latest ISO 9001:2015 certificate, which is valid until November 2026.

In July 2024 Zoocha were awarded with the ISO 27701:2019 certification for Privacy Information Management.

This standard builds on the ISO 27001 standard, and focuses specifically on managing personal data. The scope coverage of this certification is the same as for our ISO 27001 certification.

By integrating ISO 27701 into our existing Information Security Management System (ISMS), we are not only enhancing our compliance framework, but also reinforcing our commitment to privacy by design.

This ISO certification underscores Zoocha's commitment to safeguarding privacy and strengthening data protection processes and procedures.

Please see our ISO 27701:2019 certificate, which is valid until November 2026.

ISO 14001:2015 is the internationally recognised standard for Environmental Management Systems (EMS). It provides a framework for organisations to identify, manage, monitor and continually improve their environmental performance, helping to reduce environmental impact and support long-term sustainability goals.

At Zoocha, we recognise that responsible business practices extend beyond the services we deliver. We are committed to understanding and reducing the environmental impact of our operations, while embedding sustainability considerations into the way we work, make decisions and engage with our stakeholders.

The scope of our ISO 14001:2015 certification covers all of the Zoocha business processes in the delivery of services:

"The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support."

Zoocha achieved ISO 14001 certification in 2022, building upon the foundations established through our ISO 9001 Quality Management System and ISO 27001 Information Security Management System, both of which have been in place since 2017. The introduction of our Environmental Management System expanded our governance framework to include environmental performance, sustainability objectives and continual environmental improvement.

Achieving and maintaining ISO 14001 certification demonstrates that Zoocha has implemented a structured and independently assessed Environmental Management System. This enables us to measure environmental impacts, establish meaningful objectives, monitor performance and drive continual improvement across the organisation.

The framework provided by ISO 14001 played a significant role in helping Zoocha achieve its goal of becoming Net Zero in 2025. Through the implementation of environmental objectives, measurement processes, reduction initiatives and ongoing performance monitoring, our Environmental Management System provided the governance and accountability needed to support this milestone.

For our clients, partners and stakeholders, ISO 14001 provides assurance that environmental responsibility is embedded within our business operations rather than treated as a standalone initiative. It reflects our commitment to managing resources responsibly, reducing environmental impact and supporting sustainable business practices through measurable actions and continuous improvement.

As part of the certification process, our Environmental Management System is regularly audited by a UKAS-accredited certification body to verify its effectiveness and ensure continued compliance with the standard.

This certification complements Zoocha's wider portfolio of ISO certifications, including ISO 9001, ISO 20000-1, ISO 22301, ISO 27001 and ISO 27701, demonstrating our commitment to quality, security, resilience, service excellence and environmental responsibility.

Please see our latest ISO 14001:2015 certificate.

ISO 22301:2019 is the internationally recognised standard for Business Continuity Management Systems (BCMS). It provides a framework for organisations to prepare for, respond to and recover from disruptive incidents, ensuring that critical services can continue to operate during unexpected events.

At Zoocha, resilience is a fundamental part of how we deliver services. Our clients depend on us to support business-critical websites, applications, hosting platforms and digital services. Maintaining continuity of service, even during challenging circumstances, is therefore a key responsibility and an important part of our commitment to clients.

The scope of our ISO 22301:2019 certification covers all of the Zoocha business processes in the delivery of services:

"The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support."

Zoocha achieved ISO 22301 certification as part of the continued evolution of our integrated Business Management System, building upon the foundations established through our Quality, Information Security and Environmental Management Systems. The introduction of our Business Continuity Management System formalised our approach to resilience, incident response, disaster recovery and organisational preparedness.

Achieving and maintaining ISO 22301 certification demonstrates that Zoocha has implemented a structured and independently assessed Business Continuity Management System. This enables us to identify potential threats, assess business impacts, develop response strategies and regularly test our plans to ensure that critical services can continue to operate during periods of disruption.

For our clients, partners and stakeholders, ISO 22301 provides assurance that Zoocha takes a proactive approach to resilience. It demonstrates that we have established processes, governance and recovery plans designed to minimise disruption, protect service delivery and support the continuity of critical business functions.

As part of the certification process, our Business Continuity Management System is regularly audited by a UKAS-accredited certification body to verify its effectiveness and ensure continued compliance with the standard.

This certification complements Zoocha's wider portfolio of ISO certifications, including ISO 9001, ISO 14001, ISO 20000-1, ISO 27001 and ISO 27701, demonstrating our commitment to quality, security, resilience, service excellence and responsible business practices.

Please see our latest ISO 22301:2019 certificate, which is valid until January 2027.

ISO 20000-1:2018 is the internationally recognised standard for IT Service Management (ITSM). It specifies the requirements for establishing, implementing, maintaining and continually improving a Service Management System (SMS), ensuring that organisations deliver high-quality, reliable and customer-focused services.

The scope of our ISO 20000-1:2018 certification covers all of the Zoocha business processes in the delivery of services:

"The design, development, maintenance and support related to Drupal web applications, and other software engineering related services, including cloud hosting, software and support."

Achieving this certification demonstrates our commitment to delivering consistently high standards of service management. It reflects our ability to design, transition, deliver and improve services through well-defined processes, effective governance and a strong focus on customer satisfaction.

For our clients, ISO 20000-1:2018 provides assurance that Zoocha operates a structured and independently assessed Service Management System. This enables us to manage service quality, incidents, changes, risks and continual improvement activities in a controlled and effective manner, helping to ensure reliable service delivery and long-term operational success.

As part of the certification process, we underwent a comprehensive assessment of our service management practices, policies and procedures. This evaluation confirmed that our Service Management System aligns with internationally recognised best practices and supports continual improvement across all aspects of service delivery.

This achievement complements our wider portfolio of ISO certifications, including ISO 9001, ISO 14001, ISO 22301, ISO 27001 and ISO 27701.

Please see our ISO 20000-1:2018 certificate, which is valid until 01 December 2028.

Our Project Managers hold ScrumMaster Certifications by the Scrum Alliance certification body. Scrum is an Agile framework methodology that is ideally suited for completing complex projects. Scrum was originally designed for software development projects back in the early 1990's, but its approach works well for modern day web based application and platform development projects with non-trivial requirements.

"The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO), unless they are exempt."

Zoocha have been registered with the Information Commissioners Office as a Data Controller since January 2016.

In order to work and communicate effectively across a broad group of stakeholders within our larger, more institutional clients, it became apparent that we needed to deepen our understanding of the Information Technology Infrastructure Library (ITIL).

In early 2016, 3 of our team members achieved ITIL Foundation Certification, with further team members achieving the certification since. Our aim is for everyone at Zoocha who is working in a support or service function to become ITIL certified.

The ideas and language within ITIL has helped shape, and to a large part define our incident, change, service and support processes.

Cyber Essentials PLUS is a UK Government scheme that aims to help you protect your organisation against a range of cyber attacks. This self-assessment accreditation was a useful exercise to go through ahead of our ISO27001:2013 journey.

Zoocha have been Cyber Essentials Certified since January 2016, and achieved the improved Cyber Essentials PLUS standard in October 2018, which we have been continuously revalidating.

The Government Baseline Personnel Security Standard (BPSS) is the minimum level of personnel security screening required for individuals working with, or on behalf of, UK Government departments and other organisations operating within security-sensitive environments. BPSS provides assurance regarding an individual's identity, integrity, trustworthiness and right to work in the UK.

At Zoocha, personnel security is an important component of our wider Information Security Management System (ISO 27001), Privacy Information Management System (ISO 27701) and Business Management System. As a result, our screening process goes beyond the baseline BPSS requirements and incorporates additional verification activities aligned with recognised industry best practice, including the principles of BS 7858:2019 Screening of Individuals Working in a Secure Environment.

As part of our onboarding and personnel screening process, Zoocha conducts a range of checks, which may include:

• Identity verification using documentary and electronic verification methods.
• Right to work checks to confirm eligibility to work in the relevant jurisdiction.
• Employment and activity history verification covering previous employment, education and other relevant periods of activity.
• Basic criminal record checks where legally permissible and appropriate to the role.
• Address history verification.
• Sanctions and watchlist screening, including checks against relevant UK and international sanctions registers.
• Politically Exposed Person (PEP) screening where appropriate.
• Adverse media screening to identify material integrity, fraud or reputational concerns.
• Overseas residence declarations and supporting verification where individuals have spent significant periods outside their country of employment.
• Ongoing personnel security obligations through policies, training, confidentiality agreements and security awareness activities.

These checks help mitigate risks associated with identity fraud, unauthorised access to systems and information, financial crime, insider threats and regulatory compliance requirements.

By combining BPSS requirements with additional screening measures and controls aligned to BS 7858 principles, Zoocha provides clients with assurance that individuals entrusted with their systems, infrastructure and information have undergone a robust and consistent level of verification.

AWS has been our preferred hosting partner since 2010 when we launched one of our early websites on it. Since then we’ve evolved from launching a basic site on a single EC2 instance, to instinctively provisioning highly-available, resilient stacks using a the full suite of AWS services at our disposal. We are also avid attenders of AWS conferences, subscribe to the AWS blog, and organise regular knowledge share sessions. We therefore have a great deal of familiarity and exposure of AWS within the team. This knowledge has also remained in our team due to our exceptionally low staff turnover.

We have also started ratifying our partnership with AWS by building closer links with various contacts within AWS, and working with members of the AWS team on joint bids.

Within our team we currently have 1 team member who has achieved the "AWS Certified Solutions Architect - Associate" certification, and several more team members who are planning to organise their AWS certification exams. 

Understanding how and why a page works, on every device, is at the very core of producing a successful design. At Zoocha we have in depth knowledge and experience in making designs that will work for you and your customers.

The Nielson Norman Group who are internationally recognised as thought leaders in the field of UX, with their widely published and often quoted principals of Jakob Nielsen, Don Norman and Bruce Tognazzini setting their standards and leading them.

The NN/g's training and UX Certification that we achieved gave us in-depth, targeted learning about the most important UX areas, effective UX techniques and about how to deliver consistent high quality UX output.

We have been working with Acquia since 2012 on a variety of projects, including our work with the Financial Conduct Authority, and Payment Systems Regulator.

We have strong experience across the team in setting up and maintaining websites on their platform using their product interfaces. In addition to this we are also capable of interacting with the Cloud API so that more granular control of their deployment processes and such can be achieved, such as integration with automated testing.

Zoocha are a Diamond Certified Partner of the Drupal Association. In addition to this, most team members are also Individual members of the Drupal Association.

The Drupal Association is dedicated to supporting Drupal along with its community. The Drupal Association helps the Drupal community with funding, infrastructure, education, promotion, distribution and online collaboration at Drupal.org.

Over the years we have supported the Drupal Association through our attendance at all European DrupalCon events since 2011. On top of this, team members regularly attend UK based DrupalCamp events promoted by the Drupal Association, and offer up our office space for Drupal "code sprints".

Zoocha is a Financial Services Qualification System (FSQS) certified supplier, which demonstrates compliance with regulations, policies and governance controls, which financial institutions such as Banks, Building Societies, Insurance Companies and Investment Companies seek from their suppliers.

This means that Zoocha's Drupal services can be procured with confidence by such institutions, and other security-conscious organisations, knowing they are dealing with a fully registered FSQS-certified company.

Achieving the FSQS certification involved completing 2 stages of assessment, where various security focussed questions had to be completed, along with evidencing our various internal policy and procedure documents. Being ISO 27001 certified already, along with possessing a Cyber Essentials Plus certification meant that a large part of the scope of the FSQS certification was covered already by our ISMS.

Zoocha have been FSQS certified since September 2022, and look forward to maintaining the certification for many years to come.

Similar to FSQS, Zoocha is also a JOSCAR (Joint Supply Chain Accreditation Register) certified supplier. This certifies Zoocha's compliance with regulations, policies and governance controls, in which buying organisations operating in the aerospace, defence, security, and space sectors seek from their suppliers.

JOSCAR aims to simplify procurement for buying organisations by maintaining a centralised database of pre-qualified suppliers.

Would-be buyers of Zoocha services can find us under the following JOSCAR service categories: Data Centre Hosting Services, Software Development Services, Software Maintenance, Software Consultancy, Software Integration Services, Data Centre Hosting, System & Software Support Services, Cyber Security Analytics, Machine Learning & Artificial Intelligence Services, Emerging Technology Services, Cyber Security Architecture, UI/UX Design Services, Digital Infrastructure Services, and Research & Development Services (non-Military).