Utonomy was created to solve a specific problem: helping gas network operators reduce methane leakage through pressure management. The company has developed innovative technology that automatically optimises the pressure in gas distribution networks, taking into account seasonal and daily variations in demand to deliver a significant reduction in leakage.
The Challenge
The business supplies customers critical to national infrastructure who face stringent regulatory requirements. As such, the Utonomy team knew that achieving ISO 27001 certification was a must to demonstrate the company’s proactive information security stance to customers, stakeholders, and prospects when tendering.
Utonomy already had a basic information security management system (ISMS) in place due to the work the team had done to achieve Cyber Essentials certification. However, they knew that the business needed a more comprehensive ISMS to achieve ISO 27001 certification successfully. The company needed a platform to make ISO 27001 implementation and ongoing compliance as easy as possible.
“We recognised that we were going to need ISO 27001 in terms of our relationships with our customers; the industry was becoming more security aware. We’d done a fair bit of work around Cyber Essentials, but we thought, ‘we’re going to need to step up our game.’”
Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy
The Solution
“We’ve got lots of stuff in the trackers because they’re easy to use. It means that the people who need to be [tracking security incidents] aren’t likely to do it somewhere else, like a note in a book or in one of our other systems. And that makes it easier to manage and easier to audit.”
Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy
Utonomy chose the ISMS.online platform for ISO 27001 compliance and certification, building out all its ISO 27001 policies, trackers and evidence under one roof. Using the platform’s pre-built policy templates as a starting point, Steve and his team expanded on the templates to suit Utonomy’s specific security objectives and ensured they had comprehensive knowledge of the policies and controls making up the organisation’s ISMS.
“The templates gave us a structure, and it was an educational way to look at an acceptable description of a process because when you’re coming in cold, it’s always difficult to know how far you have to go with documentation.”
Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy
The business migrated product risk documentation into ISMS.online to proactively manage product threats and controls within the platform using the risk register and risk tracking. With the linked work feature, Utonomy mapped over 60 risks and associated controls and can now easily monitor and manage product risks rather than updating documentation manually.
“In this new form, it will be much easier to update when we launch new product features or product changes. It’ll be a less onerous, daunting task to try and work through the things we need to change.”
Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy