PWD, a Digital Marketing Agency based in Australia, certified to ISO27001 for an Information Security Management System with the help of a CertiKit toolkit. PWD decided to certify to the standard to reduce information security risk, to protect their own and their clients’ data, and to stand out amongst competitors. Warrun Lewis, Technical Support Coordinator at PWD, shares their journey to certification.
Finding the right solution
Choosing the right compliance solution is often a difficult starting point for many organisations, and PWD considered a free toolkit solution before deciding on the CertiKit premium version. The price and reputation of the CertiKit toolkit were what swayed the decision.
The process
The ISO27001 toolkit was purchased at the beginning of the compliance journey. Warrun took the lead with input and reviews from senior management and spent on average one day per week on the project.
As with all new projects, there were some challenges faced when implementing the standard. “Navigating the large number of policies required for compliance and deciding the most appropriate method to assess and treat risks” were named as some of the biggest challenges for PWD, and they’re not alone: this is often where many organisations struggle.
But the toolkit made the process easier. “Templates to cover every required document with helpful tips about how to edit to suit an individual organisation” was cited as an invaluable feature of the toolkit, as well as the risk assessment and risk treatment spreadsheets. Warrun adds, “The document log makes managing the implementation process much easier.”
Success!
Following a nine-month implementation, PWD successfully certified to the ISO27001 standard. Congratulations!
Certification has already presented several benefits to PWD. “We have significantly improved our information security by implementing controls required by the standard, and by assessing and treating our greatest risks. It has also highlighted the importance of record keeping and documentation.”
As well as internal benefits, it has made the tender process easier when completing security questionnaires. “The ISMS certification has allowed us to confidently answer questions about our security posture and the security of our business processes.”
What’s next?
Following a successful ISMS certification, PWD decided to aim for ISO9001 certification for a Quality Management System. The decision was made based on the performance in getting certified to ISO27001 and the similarities between the standards.
They’re successfully implementing the standard with help from CertiKit’s ISO 9001 toolkit and have completed the Stage One audit with their Registered Certification Body.
Best of luck, PWD, with your next certification!