Barbal attains government-backed cyber security accreditation

Barbal, the Bristol-based startup aiming to solve document collaboration for experts, has attained the government-backed cyber security certification, Cyber Essentials Plus. A key step in demonstrating our commitment to the security and privacy of our users’ data.

Cyber Essentials Plus certification logoFollowing a successful audit, Cyber Essentials Plus certification demonstrates that Barbal has the necessary protections to defend against a wide variety of cyber attacks. Covering, the five main Technical Security Controls:

  • Firewalls
  • Secure configuration
  • User access control
  • Malware protection
  • Patch management

The scope of our certification applies to the organisation’s entire IT infrastructure to achieve the best protection, company wide. 

Barbal’s cyber security has been independently assessed and certified by CyberTec, a Bristol-based company, to ensure our compliance. 

Barbal’s Cyber Essentials Plus accreditation follows on from the successful accreditation of Cyber Essentials in December 2020, and continues the campaign towards ISO 27001 accreditation. 

Dave Balderstone, co-founder and CTO of Barbal “Cyber risk is as important to us as it is to our customers. This is a step towards gaining IS0 27001 accreditation and shows that we’re serious about Information Security.”

CyberTec, assessor of Cyber Essential and Cyber Essentials Plus, says:Cyber attacks and data breaches are an ever-growing threat to UK organisations. Cyber Essentials is the government-backed cyber security certification designed to protect your business or organisation from common cyber threats. Achieving this certification demonstrates your alignment with the five main Technical Security Controls, proving that your business is safe and secure.”

Making GDPR compliant with Hubspot and Google Analytics tracking codes

As a company we always try to do things “the right way”. One of the perennial challenges is how to square digital marketing with the privacy of our stakeholders. We need to use the latest tools to support sales and marketing and we also want to act ethically. As a platform that handles sensitive or confidential information for our users, we always take security and privacy seriously.

The website uses a WordPress installation. We use various plugins for different elements like forms. We use Hubspot and Google Analytics to support digital marketing. Both platforms offer WordPress plugins to more tightly couple the services. We use them to make sure our website is relevant to visitors and know that we are following up on leads appropriately. However, neither platform’s plugin has a facility to seek permission from users before it starts tracking them with cookies. Nor does either platform’s documentation provide much help for those seeking GDPR compliance.

Google Tag Manager was suggested as a way to keep track of all tracking codes in one place, but again requires a heavily convoluted way to implement cookie permissions requiring developers and custom code.

In the end we struck upon the GA Germanized plugin, which has a no-code interface for installing a cookie banner and linking to Google Analytics. It also has a feature for implementing other tracking codes, so we put the Hubspot code in there. I also had to uninstall the Hubspot plugin and disable Google Site Kit from placing the Google Analytics code.

Now the Barbal website doesn’t use any cookies until the user gives permission, and even then we make sure we only use the bare minimum to meet their and our needs. You can find out more about privacy and security at Barbal in our Privacy Policy.