Michele Penzo & Stuart Clarke

Head of Professional Services / CISO, Systems Administrator

smartKYC is the world’s most advanced enterprise solution for KYC (Know Your Customer) due diligence automation.

smartKYC fuses artificial intelligence with linguistic and cultural sensitivity and deep domain knowledge to set new standards for KYC quality, whilst transforming productivity and hardwiring compliance conformance.

Founded: Founded in 2014
Approx. 50
Target customer: 
B2B, mostly tier 1 & 2 financial institutions

The Challenge

What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We wanted to offer a cloud based Software as a Service (SaaS) solution. It was therefore imperative to certify for the ISO 27001 standard.

How did you go about searching for the solution and services? We had already started our ISO 27001 journey by implementing a basic ISMS based on the ISO 27001:2013 standard before we decided to seek certification, and so we needed someone with experience to assess our overall compliance and to give guidance on conducting internal audits, etc. We reached out to ~8 companies. Evalian were quick to respond and keen to provide us with useful information right off of the bat (e.g., advising us on certifying to the ISO 27001:2022 standard, and seeking certification through an accredited body).

Please describe the reasons you decided to work with us. From the companies we spoke to, we felt most comfortable with Evalian, based on the initial conversation we had with Evalian’s commercial director, Chris – who gave us confidence in Evalian. The other companies felt more sales driven and less likely to offer a tailored experienced.

We needed and wanted a company to understand the peculiarities of our business, and it was clear that Evalian had a great deal of experience in delivering ISO 27001 and other services. What cemented the decision further was that our COO, had experience with one of the companies that had a case study with Evalian. We always look for referrals and after speaking with the references provided, they all praised the Evalian team.

Did you have any expectations going into the process? Before going through the process with Evalian, we had already put in place an internal ISMS, so we had some knowledge and some expectations, and didn’t have to start completely from scratch. We needed an expert to come in and assess our policies and procedures, and help us understand what gaps to fill or areas of improve.


Can you describe the process we took your business through and anything you learnt about your own business through working this way? Initially it was a slow and steady start, to get through the policies and procedures we had in place already, and to understand where we needed to improve, but Daniel and Jamie did well to understand our needs and talk us through the process. Most of what we had was sufficient, but we built on these documents and have ended up with a good structure or policies, and in the end, I think only one of our original documents remained untouched. The external auditors were also very impressed with the whole ISMS that Evalian had helped us to establish. It helped speed up the whole auditing process by laying everything out in a clear and easy to understand format.

Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? One of the challenges we have is that our resources are split remotely over all over the world, but that never proved to be an issue. We had good communication and support throughout the engagement.


What has been the most significant achievement for your business facilitated by using our services? From our point of view, we were already following best practices, as we had started to implement part of the ISO 27001:2013 standard already and had done a great deal of work beforehand. So, we were happy to have Evalian on board to reassure us that what we had done was adequate and help us build on it to get certified.

We feel that our documents and procedures have been fine-tuned and more formally documented. As a by-product of getting our certification, our workforce is more concerned about security than ever before. The meetings we had with Evalian gave us and the team a better understanding of security awareness, to make sure we aren’t “just gaining just a certification”.

Overall, we enjoyed working with Evalian. They’re currently helping us achieve ISO 27701 certification and we have already had a penetration test conducted, so we have confidence in their abilities to deliver such services.


Talk To Us:

If you’ve had a data breach, are confused about DPOs, or would like to discuss penetration testing or cyber incident response training, please give us a call or email us. We promise no hard sell and only real-world guidance.

We love to talk privacy and security and we’d be delighted to discuss your requirements. If we can’t help for any reason, we’ll probably know someone who can.

Get In Touch