Case Study:
Building Energy Management Systems Ltd
Sector: IT & Communications
Challenges
Working in the technology area and for organisations that require safe and secure supply chains, BEMS wanted to be able to demonstrate their pedigree using the gold standard in information security management, ISO 27001 certification.
However, there were no internal resources competent to do this, and with a small team they needed expert guidance and knowledge to build up their information security maturity from the ground up.
Solutions
CentriVault, working with its partners, developed a fast-track route map at the client’s request to achieve the necessary levels of security maturity within 6 months.
This involved starting with Cyber Essentials and migrating up to the gold standard of ISO 27001 certification: full security maturity, with good practices and behaviours embedded along the way.
The Implementation
Several dedicated resources were provided to the client to act as their extended information security team. Working with their Group security lead, the team put together an approach starting with a detailed gap analysis, leading to achieving Cyber Essentials and then ISO 27001 certification within their required ambitious schedule.
Since then we have ensured that BEMS has been successful both in embedding the necessary processes for an effective ISMS and at a recent BSI surveillance audit for their ISO 27001 certification.
The Outcome
The company has achieved all of its objectives with minimal disruption, and a plan of management has been embedded, led by top management. It has been able to showcase its achievements to current and potential customers, with notable comments received on the impressive achievements for a company of its size.
Achieving full ISO 27001 accreditation has enabled BEMS to target more sales opportunities, including public sector tenders, and has helped position it with larger technology providers.
Top management have also noticed that no security incidents have occurred, and the company is running leaner and more sustainably, with areas like paperless implementations.
Project Highlights
1. Security Accreditations
- Secure systems to better protect their internal and customer data.
- More effective risk and opportunity identification.
- Successful certification for Cyber Essentials & full ISO 27001 accreditation in less than 5 months.
2. Improved Awareness
- In-depth training and security awareness now embedded
- Improved office security and access control
- Delivered project on time and to the agreed budget
3. Continual Improvement
- Successfully achieved a continual assessment through the BSI audit
- Improved the company’s reputation, market position and internal security maturity