What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? In the first instance, it was about understanding the appropriate security measures we needed in place to meet our certification requirements. We switched from Google to Microsoft for our cloud, and so we needed security configurations set up, that’s something we hadn’t done before. The second challenge was understanding the requirements for ISO 27001 from an application perspective.
In terms of Pen Testing – the need for this was driven by a client based in the US, who had a high expectation of supply chain security. They insist on their suppliers getting regular and routine penetration testing. That’s something we don’t have much expertise in, and we thought to safeguard ourselves and have a better chance of winning the client, we needed to look at the best possible way of doing it, which essentially involved getting the experts in.
How did you go about searching for the solution and services?
We performed a Google search and identified around three or four companies. We then had calls with each and Evalian® was the most responsive and understanding of our needs.
Please describe the reasons you decided to work with us.
Evalian® were by far the most responsive and “easy” to do business with. It was clear from our initial call with their consultants that they understood our challenges, and what we needed to achieve. Our original call was initially just for pen-testing, but we then found out what other services the team provide, and it all seemed to fit into place. From a business perspective, it made sense and took away the pain of needing several companies for different services.
I wanted a team that was responsive. I run two different companies with a diverse range of requirements, so when you can find a company that’s easy to do business with and doesn’t waste time, it is an easy decision. I’ve been impressed with the efficiency of the team, it’s only been a couple of months from our first call – but where we are now with our policies and procedures in place, a recommendation for certification, and a control framework for our cloud settings is really positive.
Did you have any expectations going into the process?
Not with respect to cloud cyber services. For internal auditing we did as we have an established Quality Management System, but not from an information security perspective. Phishing and Cloud configuration were new. What we found especially helpful were the screenshots that were provided to us through reporting with useful step by step advice which we can reference any time now. There’s been a real difference in switching from Google to Microsoft, so the support we’ve had from Evalian® has not only been efficient but also very insightful.
Can you describe the process we took your business through and anything you learnt about your own business through working this way?
The security work was mostly on the Evalian® side, identifying the vulnerabilities, going through the IP addresses, and reports delivered back to us at the end. The Pen testing was a bit more involved than the vulnerability scan. As I mentioned, we’d just moved into using Microsoft, and so nothing was set up in a particular way. We then got a list of vulnerabilities and remediation advice which was easy to understand and remedy with the support of the team.
The internal audit, was more involved, as it required a lot of information so that Evalian® could understand what documentation we had in place and where we had gaps. But with the support from our consultant, we have been able to easily set up policies and procedures and documents with clear expectations.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that?
No, I have to say the process has been really smooth. I think that came from how well Evalian® seemed to get to grips with our business model, ours and our client’s needs, there didn’t seem to be any fact-finding along the way, it was expert advice and consulting from the start. Although we did not need much after-support, the consultants were on hand to answer any questions that we did have the entire way through the process.
What changes did you make as a result of working with us?
We have implemented Evalian’s recommendations across all aspects of the services we have used. Evalian® has also given us some valuable insight into the different certification bodies – BAB for example, which we didn’t know about before and this is proving useful.
What has been the most significant achievement for your business facilitated by using our services?
Undoubtedly the biggest achievement is that we’ve just completed stage 2 of the audit for ISO27001, and we are currently awaiting our certification. We now have much better procedures in place for staff, ensuring everyone has awareness of our policies and procedures, as well as more confidence in our security framework.
What impact has the results from working with us had on your clients/stakeholders?
Of course, the immediate impact will be us gaining work from the US-based client who is looking for services that have robust security controls and ISO 27001 certification in place. For others who are not so aware, their data is in a better place.
What do you hope to achieve in your future working relationship with us?
The main goal, for now, is gaining our certification, hopefully no breaches and to maintain our solid business reputation, which in turn will stand us in better stead with potential new clients.