Focused Fitness, based in Washington, USA, is a provider of physical education software and curriculum. Its bespoke software WELNET® gives physical educators a tool to gather student fitness data and communicate results. The company recently became certified to ISO27001 using a CertiKit toolkit, and below Amy Lutz, VP of Software, talks us through the process.
Like many organizations, Focused Fitness decided to become certified to ISO27001 because of client demand and contract requirements. Certification to a recognised standard is often a prerequisite when bidding for contracts, especially government contracts or work with larger businesses. Certification was the next logical step for the business in order to develop and grow.
The main challenge Focused Fitness faced once it decided to become ISO27001 certified is one common to many organizations. Amy explains, “Our biggest challenge at first was understanding what the process involved, what the standard was and how to actually get certified.”
ISO27001 specifies the requirements for an Information Security Management System (ISMS), which, simply put, is a set of processes that together help an organization manage its information security by assessing its risks and taking action to reduce them. The other part of ISO27001 is the set of 114 reference controls in Annex A (of the 2013 edition of the standard). These are good-practice measures you can use to make your organization more secure, organised into 14 areas such as information security policies, human resource security, access control and incident management, to name but a few. Each control is selected or excluded based on the risk assessment, with the reasoning recorded in a Statement of Applicability.
There are a number of routes to certification, ranging from purchasing the standard and starting from scratch to having the whole process completed by a qualified consultant. The CertiKit toolkit is a middle ground, designed to make the whole process simple and affordable.
“The CertiKit toolkit seemed more comprehensive than the others we looked at for the price. The unlimited email support was also a key selling feature. The templates and guidance that CertiKit provided made the process manageable. We were able to read the documents and make edits based on the specific needs of our company. We also implemented new processes based on the documents.”
Amy and her team found the unlimited email support service that comes with the ISO27001 toolkit package very useful. “The email support was key at the beginning, we could email a question and get a response back the next day, even with the time difference.” The toolkit package also came with expert review of up to three documents. Our expert contributor provided detailed feedback on ISMS-FORM-06-3: Scenario Based Risk Assessment and Treatment and ISMS-DOC-04-1: Information Security Context, Requirements and Scope, as well as detailed information on Annex A and an explanation of the importance of ISMS-DOC-A08-3: Information Labelling Procedure to the team. This ensured that Focused Fitness was on the right track before the audit.
Focused Fitness became certified in just eight months with the help of our ISO27001 toolkit and expert advice from our support team.
“It took us eight months to get certified. We started researching auditors and the Standard at the beginning of January and were certified at the end of August. We had dedicated time to work on this on a weekly basis so we could move the process forward. Our auditor said our documentation was very thorough and the CertiKit toolkit was key to passing our audit. Thank you for your support whenever we had questions. It was greatly appreciated as we tried to figure out this process.”