What’s got us talking

Story
SouthWestSensor ISO 9001 and ISO 14001 for tech start-up
Story
Elgin Energy UK solar energy developer and asset manager
Story
Eseye ISO 27001: 2022 Transition for IoT Services Provider

Make an enquiry

To find out more about how Qfactorial can help your business, please get in touch using the enquiry form below or, if you prefer, call us on +44 (0)1256 814111 or email kevin@qfactorial.co.uk to speak to our principal consultant.

Success stories

Nouveau Solutions

Nouveau Solutions provides a range of managed IT support services, including: infrastructure, networks, cloud services, software development and IT security. 

Already mired in excessive documentation, Nouveau realised that they were travelling the wrong path to ISO 27001 certification and QFactorial were called in initially to advise, then to create a new roadmap and a simpler Information Security Management System (ISMS).

ISO

27001

0

nonconformities; 80% less paperwork

QFactorial Service Offering

ISO Certification
UKAS Accreditation
Sustainability Strategy
Process Improvement
Audit Services
Advisory Services

Implementation

This was a classic case of applying our signature approach: Collaborate, Integrate, Challenge, Improve. The project was re-booted with a comprehensive risk assessment from which we were able to decide on the necessary InfoSec controls. In many cases, existing controls and initiatives were already robust enough to embody in the ISMS, including elements of the company's ISO 9001 and Cyber Essentials approvals. In other cases, controls were developed or enhanced. The resulting ISMS Manual and policies amounted to an 80% reduction in documentation. 

The problem with templates for management systems is that they try to cover every clause, every detail, every eventuality. This leads everybody, especially small businesses, into the trap of over-documentation. It’s better to build a management system from the ground up rather than imposing a grand design from the top down. Start with reality and you’ve at least a chance of finishing there. 

The Outcome

ISO 27001 certification was awarded exactly on schedule, with zero nonconformities. Since then, we have supported Nouveau with a quarterly assurance programme and change management as the business has grown and become part of the Vinci Energies Group. Our contribution was noted by the BU Director after the acquisition: “The practices that we have put in place have improved the way we run the organization. We are having risk conversations now that we wouldn’t have had 3 years ago.” On the occasion of re-certification, the external auditor commented: “This is a really good system. The KPI dashboard and ISMS performance evaluation process is one of the best I’ve seen, with full spectrum consideration of all relevant aspects.”

View all case studies

Q! Feedback

Our ISO 27001 programme had ground to a halt after trying to follow a complex “one size fits all” template without any real expertise in information security management systems. We needed a simpler approach, focused on the important aspects for our type and size of business.

QFactorial worked with us stage by stage, establishing a simple roadmap that our people could understand. They managed the development, implementation and audit processes, engaging the staff without imposing too much on too many at any one time.   

We passed the audit and achieved ISO 27001 on-time, with a usable system, supporting the business and supporting GDPR. We now use this achievement to provide assurance to our customers that we have robust information security systems in place.

Mike Tuson

Non-Executive Director, Nouveau Solutions

Interested in this story?

Speak with a Qfactorial expert

Make an enquiry
Thank you

We have recieved your enquiry and one of our specialists will be in contact with you shortly.