Audits

What is the ISO 27001 audit process?

Audits are commonly used to ensure that an activity meets a set of defined criteria. For all ISO management system standards, audits are used to ensure that the management system meets the requirements of the relevant standard, the organisation’s own requirements and objectives, and remains efficient and effective. It will be necessary to conduct a programme of audits to confirm this.
Read More
ISO 27001, Medium Businesses, Audits, Certification, Controls, Policies

How Utonomy achieved ISO 27001 first time with ISMS.online

Utonomy was created to solve a specific problem: helping gas network operators reduce methane leakage through pressure management. The company has developed innovative technology that automatically optimises the pressure in gas distribution networks, taking into account seasonal and daily variations in demand to deliver a significant reduction in leakage.

The business supplies customers critical to national infrastructure who face stringent regulatory requirements. As such, the Utonomy team knew that achieving ISO 27001 certification was a must to demonstrate the company’s proactive information security stance to customers, stakeholders, and prospects when tendering.

Utonomy already had a basic information security management system (ISMS) in place due to the work the team had done to achieve Cyber Essentials certification. However, they knew that the business needed a more comprehensive ISMS to achieve ISO 27001 certification successfully. The company needed a platform to make ISO 27001 implementation and ongoing compliance as easy as possible.

“We recognised that we were going to need ISO 27001 in terms of our relationships with our customers; the industry was becoming more security aware. We’d done a fair bit of work around Cyber Essentials, but we thought, ‘we’re going to need to step up our game.’”

Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy

“We’ve got lots of stuff in the trackers because they’re easy to use. It means that the people who need to be [tracking security incidents] aren’t likely to do it somewhere else, like a note in a book or in one of our other systems. And that makes it easier to manage and easier to audit.”

Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy

Utonomy chose the ISMS.online platform for ISO 27001 compliance and certification, building out all its ISO 27001 policies, trackers and evidence under one roof. Using the platform’s pre-built policy templates as a starting point, Steve and his team expanded on the templates to suit Utonomy’s specific security objectives and ensured they had comprehensive knowledge of the policies and controls making up the organisation’s ISMS.

“The templates gave us a structure, and it was an educational way to look at an acceptable description of a process because when you’re coming in cold, it’s always difficult to know how far you have to go with documentation.”

Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy

The business migrated product risk documentation into ISMS.online to proactively manage product threats and controls within the platform using the risk register and risk tracking. With the linked work feature, Utonomy mapped over 60 risks and associated controls and can now easily monitor and manage product risks rather than updating documentation manually. 

“In this new form, it will be much easier to update when we launch new product features or product changes. It’ll be a less onerous, daunting task to try and work through the things we need to change.”

Steve Lewis, Chief Technology Officer and Chief Information Security Officer at Utonomy

Read More
ISMS Platform Tour

Interested in an ISMS.online platform tour?

Start your free 2-minute interactive demo now and experience the magic of ISMS.online in action!

Try it for free

Streamline your workflow with our new Jira integration! Learn more here.