Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

Case Study: MindCraft’s Journey to ISO27001 Certification

MindCraft, a growing SME involved in sensitive government projects, recognised the need to strengthen its information security measures. To meet client demands and improve internal practices, the company decided to pursue ISO 27001 certification.

Sarah Walker, Director of Communications and Marketing at MindCraft, shares how the CertiKit ISO 27001 Toolkit helped them successfully implement the standard.

Why choose to become certified to ISO 27001?

There were several key reasons that MindCraft chose to become certified to the ISO 27001 standard:

  • The company places a high value on information security to protect their data.
  • As a supplier for sensitive government projects, achieving certification was crucial to meet strict security requirements.
  • Certification was seen to boost credibility and reassure potential clients of their commitment to information security.
  • The company saw certification as an opportunity to deepen its knowledge of information security and improve internal practices.

Initial Stages

MindCraft was just starting its compliance journey when it decided to purchase the CertiKit toolkit. With limited in-house expertise, they needed a structured framework to guide them through the certification process, making the toolkit an ideal starting point.

Choosing CertiKit over other options

MindCraft chose the CertiKit toolkit based on a recommendation from a trusted supplier. The comprehensive resources and templates offered by CertiKit provided the guidance needed to navigate the complexities of the certification process.

In addition to using the toolkit, MindCraft considered other implementation options. They eventually decided to bring in consultants to supplement their internal resources and accelerate the certification timeline.

How the CertiKit Toolkit helped

Sarah Walker confirmed that one of the most valuable features of the CertiKit toolkit was the template for the ‘Statement of Applicability’, which helped their team understand the scale and scope of the task at hand. CertiKit’s templates and guidance also played a critical role in shaping the company’s policies.

Challenges

Throughout the certification process, MindCraft faced challenges.

As a small business, they found it difficult to allocate sufficient resources to manage the large number of compliance requirements. The team sometimes found it difficult to familiarise themselves with the documentation required for ISO 27001 certification, though this was eased with the use of the high-quality templates found in the toolkit.

Opportunities for Improvement

While working through the toolkit, MindCraft identified multiple opportunities for improvement in their organisational processes. As an SME, they discovered areas where they could operate more efficiently if they had more resources. Additionally, the process highlighted specific gaps, such as the need to handle information security incidents, prompting MindCraft to refine their existing incident management procedures.

Success!

With the help of the CertiKit toolkit and additional consultancy support, MindCraft successfully prepared for ISO 27001 certification, enhancing both their security practices and business opportunities.

MindCraft’s certification process took over 18 months to complete, partly due to delays and changes in the consultants they used to assist them with the project. During the most intensive phase, one key team member dedicated half of their full-time role to the project for about four months. The entire leadership team, comprising five people, was actively involved throughout the process.

Benefits of Certification

ISO 27001 certification has opened new opportunities for MindCraft, including the potential to secure client projects that require the certification. It has also strengthened their credentials for public sector procurement frameworks and helped establish a culture of consistent policy review and improvement.

What’s next?

MindCraft has since expanded its certifications to include the UK Government backed Cyber Essentials Plus scheme and is looking to further enhance its reputation and competitive edge by certifying to ISO 9001 – Quality and ISO 14001 – Environmental.

Congratulations MindCraft on your successful certification.

(Case study written: 17th October 2024)


 

more case studies

We’ve helped more than 7000 businesses with their compliance

Testimonials

Your product is well thought out, the writing style is perfect. These templates have been very easy to implement.

Rolta-AdvizeX
USA

View all Testimonials