The Challenge
Many of METCLOUD's customers are regulated, including financial houses and banks. Offering information security assurances with a UKAS-accredited ISO 27001 certification was therefore becoming more important, especially with GDPR imminent and cybercrime increasing.
METCLOUD knew the certification would give it a competitive edge and help to secure existing business. They wanted to formalise and improve their already robust security practices, rather than have a theoretical ISMS dictating how they should run their business.
The remit was for a flexible solution that would help accelerate their certification and allow their ISMS approach to enable new growth. Ideally, they wanted a solution they could also offer to clients, one that was easy to follow given how hard ISO 27001 can be for organisations to achieve and maintain.
“Old-fashioned approaches to the ISMS typically mean ‘dry’ spreadsheets that make it difficult to relate to how the ISMS operates and performs as a whole. Typically, the ISMS falls down on meeting its information security objectives due to the complexity of capturing evidence, managing documentation and meaningful reviews. It’s the quickest way to fall foul of the auditors in your annual surveillance visits.”
Information Security Officer and Quality Manager, METCLOUD
The Solution
Having implemented and managed ISO 27001 the hard way in previous organisations, METCLOUD’s InfoSec Lead, Carl Vaughan, was happy to discover that ISMS.online helped them build the ISMS they wanted.
“We love the fact that we now have interactive tools where we can visualise risks and their impact. The powerful linking in ISMS.online also makes it quick and simple to keep the Statement of Applicability up-to-date, and clearly demonstrates why the controls are needed, which information assets you are protecting and against what. It makes prioritising risk treatment and actions much simpler.”
Information Security Officer and Quality Manager, METCLOUD