SupplierGATEWAY is a software-as-a-service supplier management and procurement platform based in California, USA. The company helps buyers and suppliers manage their relationships through integrated tools and powerful cloud-based services. Forina Vong, Network Infrastructure and Security Manager, explains how the ongoing support from the CertiKit toolkit and support package assists with the timely development of their Information Security Management System (ISMS).
SupplierGATEWAY chose to certify to ISO27001 to streamline their ISMS and stay competitive within their industry. It was increasingly important as a cloud-service provider to ensure all requirements were complied with, including the relevant parts of the ISO27017 (controls for Cloud Service Providers) and ISO27018 (controls for protection of Personally Identifiable Information) codes of practice.
The biggest challenge SupplierGATEWAY faced from the beginning was the lack of ISO27001 expertise and knowledge in-house. The standard itself is substantial and includes the 114 Annex A controls. The requirements within ISO27001 are in-depth and certification can be a difficult task to take on with no prior knowledge.
Tasked with certifying to the ISO27001 standard, Forina found that, with colleagues and time available to take on the implementation, a toolkit was the best solution for their business. “The great reviews from the website made us choose a CertiKit toolkit. The comprehensive documentation and great support helped make achieving certification easier.” The coverage of the ISO27017 and ISO27018 codes of practice within the toolkit, specifically developed for cloud service providers, was particularly helpful, including documents such as ISMS-DOC-A05-3: Cloud Computing Policy and ISMS-DOC-A05-4: Cloud Service Specifications.
The SupplierGATEWAY team took just over a year to certify to the standard, whilst dedicating 10 – 15 hours per week to the project. The team chose to use the toolkit solely as guidance and didn’t need to call on external consultants for help. Instead, the team made excellent use of the unlimited email support available from CertiKit, describing this assistance as the most useful aspect of the package.
Taking on the implementation of the standard internally proved beneficial to the business. Forina explains: “We discovered opportunities for improvement in the way we are running our ISMS. We now find it much easier to provide our prospective clients with our security documentation during the sales process.”
With an increased internal knowledge, an ISO27001 certification and a continually improving ISMS, the team couldn’t be happier with the outcome. “We would definitely recommend the CertiKit toolkit to another company” said Forina. For now, the SupplierGATEWAY team have updated their toolkit support subscription for a second year and are currently working through the new documents released in version 10 of the ISO27001 toolkit to continually improve their ISMS ready for their next annual audit.
CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.