What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? To continue growing our business and scale globally, we were aware that there would be increased external scrutiny regarding our information security, and that there would likely be an expectation to have our ISMS certified.
How did you go about searching for the solution and services? We conducted a Google search.
Please describe the reasons you decided to work with us. The overall package was compelling, the project methodology, estimated project duration, quote, and the follow-up scoping conversation with an ISO consultant was very helpful.
Did you have any expectations going into the process? Our expectation was to have expert guidance in building an information security management system that would achieve ISO 27001 certification and also learn the necessary information security best practices for our business.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? The process was exactly as it was described to us during the scoping call. We started with Gap analysis interviews, (find out the benefits of conducting an ISO 27001 gap analysis in our post)then we had a series of workshops with different stakeholders across the organisation for each workshop. The outcome of the workshops informed the draft information security policies that were drafted by Evalian for us to review, amend and implement to fit our processes and procedures. We also had weekly meetings and progress reports to provide a detailed view of our ISMS progress. Evalian also facilitated ISO 27001 internal audit meetings, management reviews and training sessions.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? The major challenge we had for an organisation of our size was time to spend on the project alongside other business-critical projects. Our Evalian Consultant was exceptionally agile, understanding our challenge, and prioritising aspects of the project in a way that allowed us to keep momentum throughout our engagement. We could work on smaller areas of the project when we were tight on bandwidth and time, we could also work on bigger areas of the project when we had more time.
What impact has the results from working with us had on you/your team? After undertaking our Phase 2 audit successfully without any non-conformances, we realised that Danny, our Evalian consultant, had taken us through a path where we thoroughly understood the ISO 27001 requirements and developed policies, processes and procedures that were fit for our organisation and culture. It wasn’t just a checklist exercise, we were able to weave information security awareness into our business culture, thanks to Danny’s approach.