Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu
Home Case Study: SupplierGATEWAY

SupplierGATEWAY is a SaaS supplier management and procurement platform based in California, USA. The company helps buyers and suppliers manage their relationships through integrated tools and powerful cloud-based services. Forina Vong, Network Infrastructure and Security Manager explains how the ongoing support from CertiKit assists with the timely development of their Information Security Management System (ISMS).

Supplier Gateway logo in blue and green

Reason for certification

SupplierGATEWAY chose to certify to ISO27001 to streamline their ISMS and stay competitive within their industry. It was increasingly important as a cloudservice provider to ensure all requirements were complied with, including the relevant parts of the ISO27017 (controls for cloud service providers) and ISO27018 (controls for protection of personally identifiable information) codes of practice.

Finding the right solution

The biggest challenge SupplierGATEWAY faced from the beginning was the lack of ISO27001 knowledge internally. The standard itself is substantial and includes the 114 Annex A controls. The requirements within ISO27001 are in-depth and implementation can be difficult with no prior knowledge.

Forina found that, with colleagues available to take on the project, a toolkit was the best solution for their business. “The great reviews from the website made us choose a CertiKit toolkit. The comprehensive documentation and great support helped make achieving certification easier.”  The coverage of the ISO27017 and ISO27018 codes of practice within the toolkit, specifically developed for cloud service providers, were particularly helpful, including documents such as ISMS-DOC-A05-3: Cloud Computing Policy and ISMS-DOC-A05-4: Cloud Service Specifications.

The process

The SupplierGATEWAY team took just over a year to certify to the standard, whilst dedicating 10-15 hours per week to the project. The team chose to use the toolkit solely as guidance and didn’t need to call on external consultants for help. Instead, the team made excellent use of the unlimited email support available from CertiKit, describing this assistance as the most useful aspect of the package.

Taking on the implementation of the standard internally proved beneficial to the business, Forina explains, “We discovered opportunities for improvement in the way we are running our ISMS. We now find it much easier to provide our prospective clients with our security documentation during the sales process.”

Success!

With an increased internal knowledge, an ISO27001 certification and a continually improving ISMS, the team couldn’t be happier with the outcome. “We would definitely recommend the CertiKit toolkit to another company” said Forina. For now, the SupplierGATEWAY team have updated their toolkit support subscription for a second year and are currently working through the new documents released in version 10 of the ISO27001 toolkit to continually improve their ISMS ready for their next annual audit.

 

 

(Case study written: 18th February 2020)

 

 

more case studies

We’ve helped more than 4000 businesses with their compliance

Testimonials

Compared to competing toolkits, your ISO27001 document structure was very good. The provided "Introduction" of each was useful (I have moved those out of the core documents and into a more comprehensive manual) for the general audience vs security staff. The inclusion of references to 27017 and 27018 were appreciated. You provided more "ISMS-C" oriented artefacts than competitors.

Trusted By Design Inc.
Canada

View all Testimonials

Cookie Control

CertiKit uses cookies to improve your user experience. Some are essential for our website to work, but for others you have a choice over which ones you’re happy for us to use.

Please set the controls below to enable or disable the types of cookies shown.

Nice to have cookies
What are these?

Advertising Cookies
What are these?

Cookie Policy