Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu
Home Blog SupplierGATEWAY Continue their ISMS Development with a CertiKit Toolkit

SupplierGATEWAY is a software-as-a-service supplier management and procurement platform based in California, USA. The company helps buyers and suppliers manage their relationships through integrated tools and powerful cloud-based services. Forina Vong, Network Infrastructure and Security Manager explains how the ongoing support from the CertiKit toolkit and support package assists with the timely development of their Information Security Management System (ISMS).

 

Supplier Gateway logo

Reason for certification

SupplierGATEWAY chose to certify to ISO27001 to streamline their ISMS and stay competitive within their industry. It was increasingly important as a cloud-service provider to ensure all requirements were complied with, including the relevant parts of the ISO27017 (controls for Cloud Service Providers) and ISO27018 (controls for protection of Personally Identifiable Information) codes of practice.

Where to start?

The biggest challenge SupplierGATEWAY faced from the beginning was the lack of ISO27001 expertise and knowledge in-house. The standard itself is substantial and includes the 114 Annex A controls. The requirements within ISO27001 are in-depth and certification can be a difficult task to take on with no prior knowledge.

Finding the right solution:

Tasked with certifying to the ISO27001 standard, Forina found that, with colleagues and time available to take on the implementation, a toolkit was the best solution for their business. “The great reviews from the website made us choose a CertiKit toolkit. The comprehensive documentation and great support helped make achieving certification easier.” The coverage of the ISO27017 and ISO27018 codes of practice within the toolkit, specifically developed for cloud service providers, were particularly helpful, including documents such as ISMS-DOC-A05-3: Cloud Computing Policy and ISMS-DOC-A05-4: Cloud Service Specifications.

The process

The SupplierGATEWAY team took just over a year to certify to the standard, whilst dedicating 10 – 15 hours per week to the project. The team chose to use the toolkit solely as guidance and didn’t need to call on external consultants for help. Instead, the team made excellent use of the unlimited email support available from CertiKit, describing this assistance as the most useful aspect of the package.

Taking on the implementation of the standard internally proved beneficial to the business, Forina explains “We discovered opportunities for improvement in the way we are running our ISMS. We now find it much easier to provide our prospective clients with our security documentation during the sales process.”

Success!

With an increased internal knowledge, an ISO27001 certification and a continually improving ISMS, the team couldn’t be happier with the outcome. “We would definitely recommend the CertiKit toolkit to another company” said Forina. For now, the SupplierGATEWAY team have updated their toolkit support subscription for a second year and are currently working through the new documents released in version 10 of the ISO27001 toolkit to continually improve their ISMS ready for their next annual audit.

More ISO Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO standard of your choice, go to our guidance pages where you can find more specific information about each standard and more downloadable resources.

More ISO Guidance

We’ve helped more than 4000 businesses with their compliance

Testimonials

I found the toolkit templates easily map back to the standard. The introductory information for each document was helpful in preparing for our external audit.

V-Tech Solutions, Inc.
USA

View all Testimonials

Cookie Control

CertiKit uses cookies to improve your user experience. Some are essential for our website to work, but for others you have a choice over which ones you’re happy for us to use.

Please set the controls below to enable or disable the types of cookies shown.

Nice to have cookies
What are these?

Advertising Cookies
What are these?

Cookie Policy