How secure are custom applications, and what about compliance (ISO 27001)?

Custom is not automatically insecure; it depends on how you build 

Custom software can be just as secure or more secure than standard software when security is involved from the architecture stage: identity, encryption, logging, patching, hosting, the supply chain and incident response. The remedy is not a licensing model, it is a mature process. 

ISO 27001 and what it means for you 

ISO 27001 represents a systematic information security management system, relevant for enterprise, government and coordinated supply chains. In our projects we capture requirements early (ISO, sector, GDPR, accessibility) so they drive design and backlog, not just the audit. 

For security as a product theme: see our case around a digital vault for SMEs. For accessibility and regulation: the European Accessibility Act audit (Spark), useful when compliance becomes a hard requirement. 

Read more: Sparks · Cases