Focused Fitness, based in Washington, USA, is a provider of physical education software and curriculum. Its bespoke software WELNET® is designed to give physical educators a tool to gather student fitness data and communicate results. The company recently became certified to ISO27001 with the help of a CertiKit toolkit, and below Amy Lutz, VP of Software, talks us through the process.
Like many organizations, Focused Fitness decided to become certified to ISO27001 in response to client demand and contract requirements. Certification to a recognised standard is often a prerequisite when bidding for contracts, especially government contracts, so it was the next logical step for the business in order to develop and grow.
The main challenge faced once the decision to become ISO27001 certified had been made was one common to many organizations. Amy explains, “Our biggest challenge at first was understanding what the process involved, what the standard was and how to actually get certified.”
ISO27001 specifies the requirements for an Information Security Management System (ISMS): simply put, a set of processes that together help an organization manage its information security by assessing its risks and taking action to reduce them. The other part of ISO27001 (the 2013 edition, which was current when this case study was written) is the set of 114 reference controls in Annex A. These are good-practice controls that an organization can apply to become more secure, and they are organised into 14 areas such as information security policies, human resource security, access control and incident management, to name but a few. Any Annex A control an organization chooses not to apply has to be justified in its Statement of Applicability.
Amy and her team found the unlimited email support that comes with the ISO27001 toolkit package very useful. “The email support was key at the beginning; we could email a question and get a response back the next day, even with the time difference.”
The toolkit package also comes with an expert review of up to three documents. CertiKit’s consultants provided detailed feedback on ISMS-FORM-06-3: Scenario Based Risk Assessment and Treatment and ISMS-DOC-04-1: Information Security Context, Requirements and Scope, supplied detailed information on Annex A, and explained the importance of ISMS-DOC-A08-3: Information Labelling Procedure to the team. This ensured that Focused Fitness knew they were on the right track before their audit.
Focused Fitness became certified within eight months with the help of our ISO27001 toolkit and the expert advice from our consultancy team.
Amy explains, “It took us eight months to get certified. We started researching auditors and the standard at the beginning of January, and we were certified at the end of August. We dedicated time to work on this on a weekly basis so we could move the process forward. Our auditor said our documentation was very thorough and the CertiKit toolkit was key to passing our audit. Thank you for your support whenever we had questions. It was greatly appreciated as we tried to figure out this process.”
Congratulations to all involved.
(Case study written 24th Sept 2019)