The most boring thing we do is also the most important

It's the kind of news no one in film and TV asks for. No production manager wakes up excited about another vendor's security certification. No line producer puts "check our e-sign tool's ISMS" on the call sheet. And honestly, that's the point.

Here's the thing about trust: when it's working, you don't notice it. You notice it the day something leaks. The day a contract surfaces that shouldn't have. The day a broadcaster asks for an audit trail and you can't produce one. The day someone realises the cast release for a kid extra has been sitting in a personal Dropbox for three years.

We built Connie because that quiet, background anxiety – is this safe, is this signed, is this where it should be – is the part of production work nobody wants to think about, and exactly the part that breaks when no one is watching.

What ISO 27001 actually is (and isn't)

ISO 27001 is an international standard for information security management. To pass it, you have to document, implement, and continuously prove that you have a system in place for protecting the data people trust you with. Not a feature. Not a marketing line. A whole operational discipline – policies, controls, risk assessments, incident response, supplier reviews, the lot. An external auditor comes in once a year and tries to find the cracks.

We got certified for the first time last year. The recertification means we didn't just pass a one-off test – we've been running the discipline for another full year, and an independent body confirmed we're still doing it properly.

It's not glamorous work. It's the opposite of building a beautiful new feature. But it's the work that lets a head of legal at a production company sleep at night, and that's a business we want to be in.

You can read more about all the nitty-gritty details in our Trust Center

Why this matters more in production than people think

Production data is unusually sensitive. You're not just handling business contracts. You're handling:

Personal information of every freelancer who ever worked a shoot. Bank details. ID numbers. Health declarations. Release forms for minors. Talent agreements with confidential figures. Location agreements. NDAs from the script stage. Casting tapes. The list goes on.

Most of this lives, today, in a mess of inboxes, shared drives, paper folders, and "I think Pernille has the latest version." It's the operational reality of how production actually works – and it's also a GDPR incident waiting to happen.

The European film and TV industry has spent the last few years being told it needs to clean this up. We agree. We just don't think the answer is to hand it all over to a generic American e-signature tool, store the data on a different continent, and hope for the best.

Paperwork isn't bureaucracy. It's protection.

This is the part I keep coming back to. As a designer learning this industry from the outside, the thing that surprised me most is how often paperwork is framed as the enemy of creativity. It's not.

Paperwork is what protects the filmmaker when a co-producer disputes a credit two years later. It's what protects the parent who signed a consent for their child to appear in a documentary. It's what protects the line producer from chasing a missing signature at 11pm the night before payroll. It's what protects the broadcaster from a rights claim they didn't see coming.

Done badly, paperwork is friction. Done well, it's quiet, invisible, and it has your back.

That's what we're building Connie to be. And ISO 27001 is part of how we keep our promise that the system holding all of it is actually worthy of the trust.

The bigger picture

European production companies deserve tools that take their data as seriously as they take their work. That means EU hosting. GDPR compliance by default. eIDAS-compliant signatures that hold up in a European court. A real information security management system, audited by people whose job it is to be sceptical.

It also means a European alternative to the US-dominated e-sign market – not because American tools are bad, but because production data should live under the same legal framework as the productions themselves.

Our annual recertification is one small data point in a much longer commitment. We'll do it every year. We'll keep raising the bar internally. And we'll keep trying to make the whole thing feel as invisible as possible to the people on set, in the office, and in the edit – so they can get on with the actual work.

That's the deal. Quiet, structural, boring trust. So you can focus on telling the story.

Connie is co-funded by the Creative Europe MEDIA programme of the European Union.