
Case Study: MindCraft’s Journey to ISO 27001 Certification

MindCraft, a growing SME involved in sensitive government projects, recognised the need to strengthen its information security measures. To meet client demands and improve internal practices, the company decided to pursue ISO 27001 certification.

Sarah Walker, Director of Communications and Marketing at MindCraft, shares how the CertiKit ISO 27001 Toolkit helped them successfully implement the standard.

Why choose to become certified to ISO 27001?

There were several key reasons that MindCraft chose to become certified to the ISO 27001 standard:

  • The company places a high value on information security to protect their data.
  • As a supplier for sensitive government projects, achieving certification was crucial to meet strict security requirements.
  • Certification was seen as a way to boost credibility and reassure potential clients of their commitment to information security.
  • The company saw certification as an opportunity to deepen its knowledge of information security and improve internal practices.

Initial Stages

MindCraft was just starting its compliance journey when it decided to purchase the CertiKit toolkit. With limited in-house expertise, they needed a structured framework to guide them through the certification process, making the toolkit an ideal starting point.

Choosing CertiKit over other options

MindCraft chose the CertiKit toolkit based on a recommendation from a trusted supplier. The comprehensive resources and templates offered by CertiKit provided the guidance needed to navigate the complexities of the certification process.

In addition to using the toolkit, MindCraft considered other implementation options. They eventually decided to bring in consultants to supplement their internal resources and accelerate the certification timeline.

How the CertiKit Toolkit helped

Sarah Walker confirmed that one of the most valuable features of the CertiKit toolkit was the template for the ‘Statement of Applicability’, which helped their team understand the scale and scope of the task at hand. CertiKit’s templates and guidance also played a critical role in shaping the company’s policies.

Challenges

Throughout the certification process, MindCraft faced challenges.

As a small business, they found it difficult to allocate sufficient resources to manage the large number of compliance requirements. The team sometimes found it difficult to familiarise themselves with the documentation required for ISO 27001 certification, though this was eased with the use of the high-quality templates found in the toolkit.

Opportunities for Improvement

While working through the toolkit, MindCraft identified multiple opportunities for improvement in their organisational processes. As an SME, they discovered areas where they could operate more efficiently if they had more resources. Additionally, the process highlighted specific gaps, such as the need to handle information security incidents, prompting MindCraft to refine their existing incident management procedures.

Success!

With the help of the CertiKit toolkit and additional consultancy support, MindCraft successfully prepared for ISO 27001 certification, enhancing both their security practices and business opportunities.

MindCraft’s certification process took over 18 months to complete, partly due to delays and changes in the consultants they used to assist them with the project. During the most intensive phase, one key team member dedicated half of their full-time role to the project for about four months. The entire leadership team, comprising five people, was actively involved throughout the process.

Benefits of Certification

ISO 27001 certification has opened new opportunities for MindCraft, including the potential to secure client projects that require the certification. It has also strengthened their credentials for public sector procurement frameworks and helped establish a culture of consistent policy review and improvement.

What’s next?

MindCraft has since expanded its certifications to include the UK Government-backed Cyber Essentials Plus scheme and is looking to further enhance its reputation and competitive edge by certifying to ISO 9001 – Quality and ISO 14001 – Environmental.

Congratulations MindCraft on your successful certification.

(Case study written: 17th October 2024)


 
