The process
The organisation asked GSA Global to support them through the ISO 27001 assessment process, prior to audit, and provide guidance across all touchpoints. The client leveraged the expertise of external consultants to provide an in-depth assessment of potential resources and key areas to address.
The biggest challenge for the client was understanding the scale of the task. The company undertook ISO 27001 because it needed to demonstrate this certification to its government and corporate clients, and to ensure the organisation was compliant with GDPR. This meant keeping internal personnel data confidential, understanding how staff communicate with clients, and managing recruitment. Without ISO 27001 in place, the company could not contract with its clients, so it was vital for the business to operate.
The solution
GSA Global has an extensive range of internal processes and documentation for conducting a thorough assessment. We raised employee awareness of ISO 27001, highlighting its impact on key business operations and establishing the foundations for improved compliance and training. The assessment also allowed us to identify the policies in effect and provide a detailed gap analysis pinpointing the key pain points and areas of concern for the client.
“It’s not a box ticking exercise, you need to understand what you have in place and how it will affect you and make sure you understand things, take a step back and look at your suppliers holistically themselves from a cyber perspective. Our consultant brought massive value, a subject matter expert in his field and incredibly approachable. We had a loose system for dealing with our ISMS, but they brought a huge amount of discipline making us create committees, documentation, follow-up actions, changing our mindset, being dynamic around these processes rather than responsive.”
The result
Through the process, GSA Global was able to strengthen the information security profile within the company’s group of businesses, delivering harmonisation and standardisation that is vital when keeping track of new businesses and different units.
The assessment also gave the business a better understanding of ISO 27001, its implications, and the need to integrate across all internal levels of the organisation. The company found an external body – which could assess, identify and advise on compliance – extremely helpful.
The extensive plan provided the business with a better understanding of ISO 27001, allowing them to build credibility with their client base and obtain the certification which was crucial for their growth and development.
“It’s a huge project and not to be undertaken lightly,” said a spokesperson at the company. “The benefit is having someone who can guide you through the process. GSA Global was hugely supportive on that journey and ensured that we only dealt with the areas we needed, which reduced the requirement to undertake a lot of unnecessary work.”
Our assessment allowed the business to focus only on critical areas while we supported it throughout the process. We guided the business end-to-end, preparing it for external audits. The business now understands the complexities of an external audit, including which sections are covered and best practices for avoiding duplicated sections. We also improved the company’s understanding of how to stay on track during an audit, including the key topics and parameters for consideration.