ISO 9001 & 27001 - Case Study

For an organisation to protect the confidentiality, integrity and availability of its systems and data, it is essential to develop a management framework of procedures, policies, operations and processes. Without a developed information security program, it can be challenging to protect a company from current cybersecurity risks and from an ever-evolving threat landscape. Even with the best technical controls, organisations must also consider people risks, coupled with robust supplier and supply chain considerations, to achieve a well-rounded, hardened information security posture.

The role

NWT were approached by a client, a specialised SaaS company, to support them with their ISO9001 and ISO27001 accreditation journey. They had a developed governance framework for their business with many of the standard controls and policies, but needed to extend to full 9001 and 27001 certification. These standards have become a requirement for their key business partnerships such as Microsoft and AWS.

The first step in the journey was to ensure that the client was conversant with the structure and frameworks of the ISO9001 and ISO27001 standards and could relate their current policies and processes to them. Maturity models were used to assess what had already been developed against the standard, to provide the basis of feedback that helped the client understand the standard, and to develop the backlog of work required to bridge the gaps. This approach defined the scope of work required and also enhanced the client's understanding of the standard, a key preparation for the eventual audits.

NWT started with the ISO9001 Quality Management System (QMS) standard and assisted with the preparation of the necessary processes and policies. With this completed as a foundation, the ISO27001 information security requirements were then added to provide an overall integrated management system. Combining the two systems in this way ensures a simplified documentation structure and simplifies auditing requirements going forward.

Following the introduction of both standards to the client and the development of the policies and controls, NWT then provided the necessary internal audit processes, creating the backlog of improvements to enhance both standards and position the client for the external certification audits. Finally, NWT provided close support throughout the external audits, leading to full certification as maturing management systems.

Key outcomes

Although the client had many of the key processes and policies in place, ISO9001 and ISO27001 certification aligns these to best practice, addresses any gaps against the standard and ensures that controls are addressed by the daily governance of the business over time. Annual audits ensure the standards are maintained and demonstrate adherence to the standards to clients and suppliers.

Since the 9001/27001 standards are now a mandatory requirement for the supply chains of many enterprise and government organisations, the standards ensure the client can participate in commercial offerings and partner with large cloud providers.

Together, Anexinet and NWT are uniquely positioned to help clients streamline their journey to the Cloud in the face of the pandemic by designing, building, automating and managing their workloads and applications on Enterprise-Cloud or Cloud-Hyperscalers, including AWS, Alibaba, Google Cloud, and Microsoft Azure. The strategic partnership has already helped one established financial institution unlock significant value by accelerating the development and delivery of effective, integrated Cloud-based solutions. Anexinet’s proven Kickstart process and comprehensive set of tools and services deliver an Agile, scalable Cloud-based environment that embraces traditional IT as well as Private, Public, and Managed Cloud. Migrating applications and business systems to the Cloud is a daunting task for even the most mature organization. As a result, a Cloud-adoption strategy and roadmap often means the difference between successful deployment and failure to launch. Anexinet helps organizations determine their ideal strategic approach.

 

How Anexinet aligns with our 5D framework