Ishango Limited, a UK-based business and IT consultancy firm that designs, develops, and deploys pragmatic solutions for companies is currently using the CertiKit toolkit to assist with their ISO27001 certification process and have found it a great help. As a small organisation, the team decided to pursue certification to ISO27001 to bid for more contracts, improve business reputation, and grow as a company. Below, Chris Henry, their lead consultant tells us more about the process.
With no prior experience of ISO27001 implementation and with the volume of information available, the biggest challenge for the team was where to begin. Chris adds: “It was so confusing, we had no idea what we needed to do or where to start.”
Choosing the right solution to make the process easier is a task within itself, and like many organisations, the team looked at consultancy services, software packages, and even training courses. They decided on the CertiKit toolkit for a number of reasons, Chris explains the main points for him were “the brilliant price, the professionalism of the example documents and the included email support was an added bonus too.”
Six months ago, the team of three set to work on embedding the relevant processes within the organisation ready for the certification audit, and they are making great progress with the help of the toolkit. As the toolkit has no time or user limits, the team work on the project between one to four days a week and have found they can pick the project up when convenient depending on other commitments. Chris explains: “The toolkit gave us the road map of what we needed to do in order to implement ISO 27001. It even gave us the project initiation documentation, checklists, and included everything we needed as a small company undertaking this project.”
With other business commitments the certification has taken a back seat, but by using the CertiKit toolkit the team know they’ll have all of the resources they need when they are ready to certify.
The information within the toolkit allowed the business to grow and learn too. “The toolkit turned certification from a tick box exercise into an opportunity for the business to learn some key lessons and to be set up in a way which allows for future growth,” Chris explains.
ISO27001 is often a requirement when bidding for larger contracts or government tenders. Aligning the business to the standard and the forthcoming certification has allowed Ishango Ltd to bid for work with new clients too.
Once their ISO27001 certification audit is complete, which they are confident about given their newly found knowledge and processes, the business will look to build on this with further InfoSec certification and governance to ensure a robust management system is in place.
(Case study written 3rd March 2021)