Sasha Hajenko is the Director of Blue Phoenix Systems, an IT and cyber security services organisation based in Australia. Sasha is a CISSP qualified cyber security specialist who uses CertiKit’s toolkits with his clients to help them implement the ISO27001 standard easily, on time and in budget.
Sasha’s clients want to achieve certification to the ISO27001 standard for a variety of reasons, with the main three being to meet Government requirements, to increase stakeholder and market confidence, and for a more structured approach to information security across the business.
The CertiKit toolkit was chosen as it saves time, so clients can achieve certification quicker. “The time and effort to develop the documentation required for ISO27001 compliance consumes valuable resources that can be instead used for implementation.”
The toolkits allow more time to be dedicated to added value services with clients, including helping them prepare for the stage one and two audits, management reviews, gap assessments, identifying improvement processes and providing ongoing internal audits.
Several options were reviewed before deciding on a solution to complement the consultancy offering, including SaaS platforms. The CertiKit toolkit was chosen because of the value to clients, who tend to be small to medium-sized businesses. The one-off cost and the flexibility of hosting the documents on an internal file system make the process straightforward.
Additionally, the quality of the product makes the implementation process easier. “The consistent formatting and style of the documents makes consolidation of various ISMS and Annex A documents very easy to achieve, reducing the overall size and complexity of the ISMS.”
One of the biggest challenges when working with clients is the change to organisational culture. “We’ve always done it this way” is something Sasha hears a lot, so using the resources in the toolkit to help explain the “why” before going into the “what” and “how” helps stakeholders and staff understand the importance of the certification process.
As is common amongst organisations that implement an ISMS, Sasha has found that clients’ business processes improve as a result of the standard. “There have been occasions when operational improvements have been identified as a result of seeking certification, for example improving processes based on Business Impact Analysis outcomes, enhancing financial verification and validation processes, or simply working smarter not harder with existing technology.”
The ISO27001 toolkits have been used with many of Blue Phoenix Systems’ clients and some have become certified in as little as six months. Most projects have taken between six and twelve months from engagement to becoming certified, and as with all implementations the timescale depends on time and resource available from the organisation as well as what controls and requirements are already in place.
Sasha has several clients lined up to achieve certification to the standard in the near future and will continue to use CertiKit products to assist the process. “The ISO27001:2022 Enhanced Gap Assessment and ISO27001 toolkit will be integral to the success of the certification journey.”
(Case study written: 14th August 2023)