Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu

SupplierGATEWAY is a software-as-a-service supplier management and procurement platform based in California, USA. The company helps buyers and suppliers manage their relationships through integrated tools and powerful cloud-based services. Forina Vong, Network Infrastructure and Security Manager explains how the ongoing support from the CertiKit toolkit and support package assists with the timely development of their Information Security Management System (ISMS).


Supplier Gateway logo

Reason for certification

SupplierGATEWAY chose to certify to ISO27001 to streamline their ISMS and stay competitive within their industry. It was increasingly important as a cloud-service provider to ensure all requirements were complied with, including the relevant parts of the ISO27017 (controls for Cloud Service Providers) and ISO27018 (controls for protection of Personally Identifiable Information) codes of practice.

Where to start?

The biggest challenge SupplierGATEWAY faced from the beginning was the lack of ISO27001 expertise and knowledge in-house. The standard itself is substantial and includes the 114 Annex A controls. The requirements within ISO27001 are in-depth and certification can be a difficult task to take on with no prior knowledge.

Finding the right solution:

Tasked with certifying to the ISO27001 standard, Forina found that, with colleagues and time available to take on the implementation, a toolkit was the best solution for their business. “The great reviews from the website made us choose a CertiKit toolkit. The comprehensive documentation and great support helped make achieving certification easier.” The coverage of the ISO27017 and ISO27018 codes of practice within the toolkit, specifically developed for cloud service providers, were particularly helpful, including documents such as ISMS-DOC-A05-3: Cloud Computing Policy and ISMS-DOC-A05-4: Cloud Service Specifications.

The process

The SupplierGATEWAY team took just over a year to certify to the standard, whilst dedicating 10 – 15 hours per week to the project. The team chose to use the toolkit solely as guidance and didn’t need to call on external consultants for help. Instead, the team made excellent use of the unlimited email support available from CertiKit, describing this assistance as the most useful aspect of the package.

Taking on the implementation of the standard internally proved beneficial to the business, Forina explains “We discovered opportunities for improvement in the way we are running our ISMS. We now find it much easier to provide our prospective clients with our security documentation during the sales process.”


With an increased internal knowledge, an ISO27001 certification and a continually improving ISMS, the team couldn’t be happier with the outcome. “We would definitely recommend the CertiKit toolkit to another company” said Forina. For now, the SupplierGATEWAY team have updated their toolkit support subscription for a second year and are currently working through the new documents released in version 10 of the ISO27001 toolkit to continually improve their ISMS ready for their next annual audit.

Over 3000 businesses have purchased our toolkits


Great job guys, your documents gave us the framework to start from and we have found the editing process to be much easier with a starting point. You guys don't charge enough for the amount of time we've saved. I'd say 3 months.

Director of IT
SMS Data Products Group, inc

View all Testimonials