
ISO27001 Case Study – BrightStrand International Ltd.

20th July 2016 | ISO27001

Assured Information Security guides BrightStrand International Ltd to achieve ISO/IEC 27001 Certification

Client Profile:   BrightStrand International Ltd.

Founded in 1999, BrightStrand provides a comprehensive portfolio of business-critical IT services to UK & European customers across a wide selection of market sectors, where there is a requirement to provide low-risk & cost-effective continuity of service.  The portfolio of services is based on solutions running on multiple platform technologies, including HP NonStop (formerly Tandem), IBM, Unix, Microsoft & industry-leading server technology.

The Requirement:   BrightStrand had always had a rigorous approach to data management & information security, but were noticing an increasing requirement from their client base for detailed assurances on how data was being processed, managed & stored – often to meet their own compliance criteria.

It was recognised that achieving ISO27001 Certification would immediately provide a universally respected indicator of an independently audited, best practice approach to protecting customer data, one that would give assurances to existing clients & enhance credibility with prospective customers within a competitive market.

ISO27001 Certification was also seen as a progressive move that would improve internal processes, mitigate new business risks going forward & increase efficiencies in terms of responding to client questionnaires and RFPs.

The Consultancy Solution:   BrightStrand engaged ISO27001 specialists, Assured Information Security Ltd, in January 2013 to assist their organisation to achieve ISO27001 compliance & Certification.

“Assured were selected as they demonstrated a knowledge of our business, and we liked their approach to breaking the project into manageable tasks to achieve the certification within a realistic timescale.”  

A highly experienced, qualified ISO27001 Lead Auditor from Assured’s team was assigned to BrightStrand to lead the process and was contactable at all times.

The next step was to promptly arrange an ‘Initial Review Meeting’ to conduct a compliance overview & to set milestones / tasks as part of a comprehensive project plan to achieve ISO27001 compliance within BrightStrand’s preferred timescale.

By providing expert advice, templates where required & site visits to verify next tasks & progress, Assured provided the framework & guidance for BrightStrand to establish compliant procedures & documentation, to continually build their ISO27001 understanding & ultimately to manage the ISMS successfully for themselves.

“Assured provided us with a flexible approach in supplying a Lead Consultant who was not only able to assist us in setting up the ISMS*, but gave us the knowledge to ultimately fully understand and manage the ISMS. The Lead Consultant supplied was always the same person providing continuity and efficiency at all times.”

The British Standards Institute (BSI) performed the onsite assessments, reviewing BrightStrand’s documented policies & auditing operational procedures across the business.  To achieve ISO27001 Certification the BSI needed to be satisfied that BrightStrand had demonstrated the required high standards & understanding of information security, risk management & data management in all areas of their organisation.

The achievement of the ISO27001 Certification illustrates BrightStrand’s commitment to protecting the confidentiality, integrity & availability of their business assets & those of their customers.

Next steps & migration to ISO/IEC 27001:2013:  BrightStrand International Ltd achieved ISO/IEC 27001:2005 Certification in January 2014.  Due to the timing, BrightStrand’s accreditation process coincided with the ISO/IEC 27001:2005 Standard migrating to the latest version, ISO/IEC 27001:2013, in October 2013.

ISO27001 Certification is a living accreditation & requires an organisation to follow a road of continuous review & improvement.  Assured is now moving forward with BrightStrand in September/October 2014 to gradually transition to an ISO/IEC 27001:2013 ISMS environment before next year’s deadline (October 2015).

“The business has seen a number of benefits in securing the ISO certification to include improved security and processes within the company, assurance of best practice to existing and new clients and enhanced security awareness amongst staff.”  [All quotes, A.Dubery – BrightStrand International Ltd].

 

Contact Assured Information Security today on 020 8618 2072 or send an email to info@assuredis.co.uk if your organisation is planning to move forward to achieve ISO/IEC 27001:2013 Certification.