What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We wanted to achieve an auditable, robust and systematic approach to information security. This was to protect our business and reduce risks, as well as inspire credibility and trust in our customers. Data is central to everything we do at Alliants and an information security management system (ISMS) is absolutely essential to this. Being externally audited and certified against the ISO 27001:2013 standard was the benchmark we set.
How did you go about searching for the solution and services? Our search was initially via Google and then from researching other websites to look for a suitable company to match our needs.
Please describe the reasons you decided to work with us. We had an initial consultation where Evalian® introduced us to their holistic approach to achieving our certification. Unlike other consultants, there was no end goal of “getting certified” and that’s it – they wanted to take our company on the challenging journey of changing our inherent processes and culture to become a model ISO 27001 business. Evalian® understood our lack of knowledge with regard to how the process works and what it entailed, and so went about showing us how they not only put systems in place but ensured we understood the importance and how we manage such an undertaking ourselves going forward.
Did you have any expectations going into the process? We had no expectations – we had little knowledge apart from previous employment experience within our team, and as such were open to ideas and project flows as to how to integrate the ISMS to fit our company structure and ethos. Evalian® were very good at understanding our strengths and weaknesses very early on and looked to facilitate our strengths to overcome our weaknesses within the whole lifecycle of the project.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? Evalian® helped us through the entire pre-certification phase for ISO 27001 through their consulting services, from project kick-off to final audit by BSI. We agreed on the level of support required and this was delivered both on and off-site. Evalian® assessed our current ISMS and then we agreed on an action plan to achieve the certification. We worked with one of their consultants from start to finish and have continued with ongoing consulting support post-certification, as the collaboration with Evalian has been first class. We’ve also expanded this further, using their specialist Data Protection services for legal and regulatory support.
Were there any challenges you found along the way and how did you feel we, or your consultant, helped to support you through that? We needed to allocate resources to this project and create a team to drive this forward. This was a significant investment in time and associated costs, but the Senior Management team was and continues to be fully behind this. We didn’t bring in people with prior experience as FTEs but adapted our organisation to achieve our goals. Evalian’s consultant (Daniel Djiann) supported us superbly on-site and remotely. He advised us expertly on what needed to be done and provided sound guidance and support throughout. We couldn’t have achieved the certification without this and in the time we did.
What changes did you make as a result of working with us? This was about organisational and cultural change as well as looking at our partners and suppliers and client projects in order to meet the ISMS requirements for certification. Staff awareness and training are also very important. This isn’t just about passing certification, it’s vital that this becomes BAU and drives continuous improvement.
What has been the most significant achievement for your business facilitated by using our services? Achieving the certification first time in auditing and also subsequently passing the latest surveillance audit. This demonstrates the ongoing commitment and dedication of all our employees, to maintaining and improving our ISMS.
What impact have the results from working with us had on your clients/stakeholders? It helps improve the way we support and maintain our current business, as well as in our new business activities, particularly in relation to technology questionnaires in support of RFIs and RFPs. We are able to respond faster and more consistently, which really helps differentiate Alliants from our competitors. We’ve also been able to better identify areas for improvement, manage risks and keep up to date with all our relevant documentation.
What do you hope to achieve in your future working relationship with us? We have continued and expanded upon the services from Evalian, to encompass ISO 27001 consulting plus Data Protection representation and counselling.