PWD, a Digital Marketing Agency based in Australia, recently certified to ISO27001 for an Information Security Management System with the help of a CertiKit toolkit. PWD decided to certify to the standard to reduce information security risk, to protect their own and their clients’ data, and to stand out amongst competitors. Warrun Lewis, Technical Support Coordinator at PWD, shares their journey to certification.
Choosing the right compliance solution is often a difficult starting point for many organisations, and PWD considered a free toolkit solution before deciding on the CertiKit premium version. The price and reputation of the CertiKit toolkit are what swayed the decision.
The ISO27001 toolkit was purchased at the beginning of the compliance journey. Warrun took the lead with input and reviews from senior management and spent on average one day per week on the project.
As with all new projects, there were some challenges faced when implementing the standard. “Navigating the large number of policies required for compliance and deciding the most appropriate method to assess and treat risks” were named as some of the biggest challenges for PWD, and they’re not alone: this is often where many organisations struggle.
But the toolkit made the process easier. “Templates to cover every required document with helpful tips about how to edit to suit an individual organisation” was cited as an invaluable feature of the toolkit, as well as the risk assessment and risk treatment spreadsheets. Warrun adds, “The document log makes managing the implementation process much easier.”
Following a nine-month implementation, PWD successfully certified to the ISO27001 standard in May 2023. Congratulations!
Certification has already presented several benefits to PWD. “We have significantly improved our information security by implementing controls required by the standard, and by assessing and treating our greatest risks. It has also highlighted the importance of record keeping and documentation.”
As well as internal benefits, it has made the tender process easier when completing security questionnaires. “The ISMS certification has allowed us to confidently answer questions about our security posture and the security of our business processes.”
Following a successful ISMS certification, PWD decided to aim for ISO9001 certification for a Quality Management System. The decision was made based on the performance in getting certified to ISO27001 and the similarities between the standards.
They’re currently successfully implementing the standard with help from CertiKit’s ISO 9001 toolkit and have completed the Stage One audit with their Registered Certification Body.
Best of luck, PWD, with your next certification!
(Case study published on 29th August 2023)