What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? There was always that need from a business perspective for us to have ISO 27001, it gives confidence to our partners and customers. We had approached Evalian® the year before to conduct an ISO 27001 gap analysis but I was brought in quite late to the process to lead it. It was a challenge to get my head around the whole process, but Evalian® made it much easier and took away that worry, especially considering I was new to the organisation.
How did you go about searching for the solution and services? Our previous director, who has since moved on, found Evalian®; I’m not sure whether it was from an internal referral or an initial Google search.
Please describe the reasons you decided to work with us. I think it’s fair to say, the decision was made after the original scoping. We felt Evalian’s friendly approach and support would help us to navigate the process and they opened our eyes to where we had certain gaps that needed to be filled in terms of processes and procedures.
Did you have any expectations going into the process? Our expectation and hope were obviously to achieve the certification, the main err of caution was how it would impact our day-to-day roles – we all have 9-5 jobs, so how to fit it in was a concern, but that concern was taken away very quickly by Evalian and their approach to our business.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? Just from having that regular touchpoint with multiple departments and quarterly meetings, we realised we did a lot of things but we didn’t evidence it. When we could find the evidence, it was scattered, so Evalian® showed us how to store the evidence and create a better structure which was a key thing for us. As we move forward we are maintaining that structure and it has helped immensely in our day-to-day work.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? There’s always the challenge with change requests, that you make changes which could potentially be invalid, so having that person to rely on and to verify our process was correct, has been invaluable. Danny, our Evalian® consultant, was a great help and continues to be, he is very easy to speak to and happy to respond to emails outside of our accreditations as well – it’s helped me feel I can run the framework with confidence and that’s without having prior experience.
What changes did you make as a result of working with us? Our biggest change has been establishing our policies and procedures and having them in one place. We now have an entire framework, we log our continual improvements which may have previously been an off-the-cuff change. A big thing was on our internal projects, previously these were managed within emails, but by creating our internal change request form with Evalian’s support, the security is now at the forefront. It doesn’t feel like a tick-box exercise and it has helped me immeasurably when it comes to following up on procedures across the different departments.
What has been the most significant achievement for your business facilitated by using our services? Along with building the framework, gaining accreditation on our first attempt was a big achievement. When our parent company purchased us, they were really pleased to see we had ISO 27001, and it’s given us the opportunity to use it as a benchmark within the new company structure. I started my role around March, and within four months we have turned around our policies and procedures and established a framework with Evalian’s help, which was priceless.
When we had our certification audit, they mentioned that we had “one of the best young systems they had seen”, which is a testament to Evalian’s collaborative support throughout the process.
What impact have the results from working with us had on your clients/stakeholders? Confidence in our processes. We had a risk assessment recently from a large company, and having those policies and procedures and RA ready made the process a lot easier. When we send off due diligence documentation, having this framework in place shortens response time which is really positive. It helps our ability to gain additional customers as well within a shorter timeframe but without that uncertainty of security.
What do you hope to achieve in your future working relationship with us? I’m currently in the process of gap analysis sessions with Evalian® due to our parent structure changing, to check we remain compliant, so those are ongoing. We are also trying to expand the ISO framework to other groups within our business so that it doesn’t just apply to certain parts of the organisation. We are confident in the support we get from Evalian® and are very happy with the way things continue to progress.