ISO 9001 & 27001 - CASE STUDY
FOR AN ORGANISATION TO BE ABLE TO PROTECT THE CONFIDENTIALITY, INTEGRITY AND AVAILABILITY OF ITS SYSTEMS AND DATA, IT IS ESSENTIAL TO DEVELOP A MANAGEMENT FRAMEWORK OF PROCEDURES, POLICIES, OPERATIONS AND PROCESSES. WITHOUT A DEVELOPED INFORMATION SECURITY PROGRAM, IT CAN BE CHALLENGING TO PROTECT A COMPANY FROM CURRENT CYBERSECURITY RISKS AND FROM AN EVER-EVOLVING THREAT LANDSCAPE.
NWT were approached by a client, a specialised Software-as-a-Service (SaaS) company, to support them on their ISO9001 and ISO27001 accreditation journey. They already had a developed governance framework for their business with many of the standard controls and policies in place, but needed to extend this to full 9001 and 27001 certification. These standards have become a requirement for their key business partnerships, such as those with Microsoft and AWS.
The first step in the journey was to ensure that the client was conversant with the structure and frameworks of the ISO9001 and ISO27001 standards and could relate their current policies and processes to them. Maturity models were used to assess what had already been developed against each standard, to provide the basis of feedback that helped the client understand the standard, and to develop the backlog of work required to bridge the gaps. This approach not only defined the scope of work required but also deepened the client's understanding of the standard, a key preparation for the eventual audits.
NWT started with the ISO9001 Quality Management System (QMS) standard and assisted with the preparation of the necessary processes and policies. With this completed as a foundation, the ISO27001 information security requirements were then added to provide an overall integrated management system. Combining the two systems in this way simplifies both the documentation structure and the auditing requirements going forward.
Following the introduction of both standards to the client and the development of the policies and controls, NWT then provided the necessary internal audit processes, creating the backlog of improvements needed to strengthen compliance with both standards and position the client for the external certification audits. Finally, NWT provided close support throughout the external audits, leading to full certification as maturing management systems.
Although the client already had many of the key processes and policies in place, ISO9001 and ISO27001 certification aligns these with best practice, addresses any gaps against the standard and ensures that controls are covered by the day-to-day governance of the business over time. Annual audits ensure the standards are maintained and demonstrate adherence to them to clients and suppliers.
Since the 9001/27001 standards are now a mandatory requirement in the supply chains of many enterprise and government organisations, certification ensures the client can participate in commercial offerings and partner with large cloud providers.