
Success Stories

ISO 27001: 2022 Transition for Cloud & Cybersecurity Provider

Axians UK offer a range of services spanning network infrastructure, cybersecurity, cloud and managed services to critical national infrastructure, private and public organisations. We have worked with Nouveau Solutions both before and after their absorption into the Axians family.

The 2022 revision of ISO 27001 introduced significant changes and challenges even for already certified organisations. With a new control structure and many new controls, transitioning to the new standard is a significant piece of work for client and consultant. Building on six years of continuous ISO support, and strong relationships at all levels of the business, we were able to design an ISO 27001 transition programme to run alongside other compliance programmes and strategic changes. Key to the success of the programme was the equal division of gap-closure work between our consultant and the client’s key personnel.

3 themes. 93 controls.

QFactorial Service offering

ISO Certification
UKAS Accreditation
Sustainability Strategy
Process Improvement
Audit Services
Advisory Services

Implementation

Beginning with a gap assessment against the new standard and a detailed review of existing group controls, we were able to create a combined Gap Closure and Integration Plan, with the workload divided between Q! and client. Many policies were created and updated, some reflecting changes in the business, others addressing changes in the standard. These were rolled out and implemented by the client before being subjected to a complete internal audit by Q! Our existing toolkit was deployed to manage the work and the changes, including mature risk assessment and action tracking tools.

One thing that hasn’t changed in the revised standard is the focus on CIA, the key themes of Confidentiality, Integrity and Availability of information. But the nature of real-world vulnerabilities, risks and mitigations has certainly changed with the passing of a decade. Aligning the management system to a client’s reality is what we are all about.

We always like to be present during the final assessment, helping the client to interpret and respond to questions by the certification body auditor. Being grilled on ISO 27001 for a few days can be a gruelling experience, definitely a case of a trauma shared is a trauma halved!

ISO 27001: 2022 is a hard standard to meet. Which makes a successful assessment all the more satisfying. The best auditors will dive deep into the 93 control requirements and test not only for compliance, but also for effectiveness. This is not a paper exercise!

The Outcome

ISO 27001: 2022 certification achieved with compliments from the auditor.

Aside from a delighted client, we also elicited this comment from the auditor: “That’s the best legal register and compliance process I’ve seen, I’m recording it as best practice.”

Anonymous

Certification Body Auditor
