Interact Achieve ISO27001 On First Attempt
Company: Interact, Altrincham UK
Industry: Intranet software development company
Engagement: ISO 27001
Working Together: Since May 2016
Customer Activity: Interact delivers intelligent intranet software that transforms how businesses communicate, building a more informed, engaged and productive workplace
Interact approached GB3 to help them implement the Information Security Standard ISO 27001:2013. Interact provides software for company intranets and professional services around installing and managing those intranets. To do business in a global market, Interact relies on resources including information. The use of these information assets across the business must be in line with good professional working practices and procedures, and must ensure the confidentiality, integrity and availability of all of Interact’s information assets. The implementation of an Information Security Management System (ISMS) will ensure that all areas of their business meet the statutory, regulatory and contractual information security requirements demanded of them.
During the period of engagement the key objective was to conduct a gap analysis against the standard, highlight areas for improvement and instil ISO 27001 knowledge and awareness within the existing team so that they could continue without the need for ongoing consultancy.
1. Embedded ISO 27001 requirement knowledge with the Interact team to enable them to achieve certification of the ISO 27001 standard.
2. Reviewed and highlighted areas for improvement within the Interact ISMS. Discussed recommendations with the Interact team and provided guidance to improve their ISMS.
GB3 spent around one week advising the Interact team over a few months.
“Whilst Interact was taking its first steps towards ISO27001 certification, Joe Elding was brought in to ‘sanity check’ the policies and processes I’d written, ensure we were covering all the relevant areas of the standard, and to give management an indication as to how much work might be needed before we could put ourselves forward for formal auditing.
In all areas, Joe was outstanding.
ISO27001 certification was not only a first for my company, it was a personal first too. While I’d studied the standard and read a lot of books, websites and white papers, I had no formal training. Joe helped me understand points I found tricky and gave me a belief in myself, in what I knew and what I was doing. It was wonderful having that sounding board to check details with, and Joe really helped to build my confidence in the task.
Joe was very thorough, logical, friendly and professional in his approach. He went through my policies and procedures, and talked me through the audit process to ensure I would know what the auditors were looking for in terms of content and evidence. He was knowledgeable, not just on the standard and audit process, but also on ‘esoteric’ aspects of passing ISO27001 certification that can only be learnt from experience, not from a book.
I was delighted to have Joe’s help and I think his advice early on played a key role in my company getting its ISO27001 certificate first time round and in just under a year. I would wholeheartedly recommend Joe’s services if you are serious about achieving ISO27001 certification.”
Sara Burgess, Information Security Officer.