Featured Case Study:
Canva ISO 27001 Certification with Privasec

How Canva embarked on its cyber security maturity journey and achieved ISO 27001 certification

Canva is a global digital assets trading platform that provides users access to facilities enabling them to trade in cryptocurrencies. it has global presence, which makes it the preferred trading platform for more than 4 million users across the globe.

Started in 2012, Canva Pty Ltd is a leading graphic design giant and publishing platform based in Australia.

The company is valued at US$6 billion and has more than 1,375 staff, making it one of Australia’s fastest growing unicorn startups. It is a platform that provides a graphic designing tool that is easy to use and comes with an abundance of pre-built designs and templates to facilitate the design process. Canva is also regularly featured in the news for its values and culture, attracting key talents from across the world and is regularly listed as one of the best tech employers.

We could not have done it without your guidance. Thank you for helping us through it all!

Cameron Adams, Co-Founder of Canva

the challenges

The challenge was to establish a strong security culture within a fast growing company with many competing priorities. With the constant changesin an organisation that is continually building and incorporating technology at a rapid rate, there becomes a crucial need to ‘bake-in’ security in all operations so that it can grow and keep up with the pace of the business. 

We had to build a risk management framework from the ground up. Once something's in production, it's in legacy and it takes effort to keep up with security that gets introduced after you've jumped into a technology.

Geoff Chiang, Canva IT Risk Manager

We needed someone who would take into account the state of Canva as it was before we start this project. Not only the state of our security and risk management maturity at the time, but also very importantly, the culture of the organisation. Privasec was very good at this. They had a high level of expertise, are very communicative and we had incredible engagement.

the results

Privasec worked with Canva to design an ISMS around the constant growth and changes that the team at Canva thrives on, ensuring that the methodology was customised fit for the culture and precise needs of Canva and its operations.

Canva attained the ISO 27001 Certification, and was able to achieve compliance without hindering its culture or growth.

A security roadmap with ownership at founders’ and senior leaders’ level was established for Canva. They have also improved their security controls with a company-wide focus on security, and grew its security investments and security resources 5-fold. 

We used the certification as a framework to prioritise security roadmap and have an external entity that holds Canva accountable for milestones defined.

Paulywn Devasundaram, Canva Engineering Leader

Our Credentials

Want to Become ISO 27001 Certified?

Get on your way to obtain the IEC 27001 certification today. Just contact a Privasec consultant to get a detailed understanding of the Plan-Do-Check-Act ISMS cycle.

Scroll to Top