ISO 27001 Case Study

GSA Global offers tailored security assurance assessments and support with the intention of securing the assets, personnel, property, information, and reputation of its clients. As a Group, GSA Global delivers specialised expertise in secure and sensitive environments, assisting organisations with their physical and cyber security threats. This enables companies to be better prepared to identify, prevent, mitigate, and respond to emerging threats.

With an extensive background in UK policing, armed forces, counter terrorism and national security, GSA Global is able to bring together unparalleled skills and experience to address the full spectrum of threats and risks for their clients. By leveraging the diversity and depth of global expertise from cyber, ex-police and military teams, we are also able to provide bespoke problem-solving capabilities, services and solutions.

The process

The organisation asked GSA Global to support them through the ISO 27001 assessment process, prior to audit, and provide guidance across all touchpoints. The client leveraged the expertise of external consultants to provide an in-depth assessment of potential resources and key areas to address.

The biggest challenge for the client was understanding the scale of the task. The company undertook ISO 27001 because it needed to be able to demonstrate this certification to its government and corporate clients as well as ensuring the organisation was compliant with GDPR. This meant ensuring internal personnel data was kept confidential, understanding how they communicate internally with clients, and dealing with recruitment. Without ISO 27001 in place, the company could not contract with its clients, so it was vital for the business to operate.

The solution

GSA Global has an extensive range of internal processes and documentation to conduct a thorough assessment. We enabled employee awareness on ISO27001, highlighting its impact on key business operations as well as establishing the foundations for improved compliance and training. The assessment also allowed us to identify the nature of policies in effect and provide a detailed gap analysis pinpointing the key pain points and areas of concern to the client.

“It’s not a box ticking exercise, you need to understand what you have in place and how it will affect you and make sure you understand things, take a step back and look at your suppliers holistically themselves from a cyber perspective. Our consultant brought massive value, a subject matter expert in his field and incredibly approachable. We had a loose system for dealing with our ISMS, but they brought a huge amount of discipline making us create committees, documentation, follow-up actions, changing our mindset, being dynamic around these processes rather than responsive.”

The result

Through the process, GSA Global was able to strengthen the information security profile within the company’s group of businesses, delivering harmonisation and standardisation that is vital when keeping track of new businesses and different units.

The assessment also gave the business a better understanding of ISO 27001, its implications, and the need to integrate across all internal levels of the organisation. The company found an external body – which could assess, identify and advise on compliance – extremely helpful.

The extensive plan provided the business with a better understanding of ISO27001, allowing them to build credibility with their client base and obtain the certification which was crucial for their growth and development.

“It’s a huge project and not to be undertaken lightly.”, said a spokesperson at the company. “The benefit is having someone who can guide you through the process. GSA Global was hugely supportive on that journey and ensured that we only dealt with the areas we needed, which reduced the requirement to undertake a lot of unnecessary work.”

Our assessment allowed the business to only deal with critical areas while supporting the business throughout the process. We were able to effectively guide the business from end-to-end, preparing them for external audits. The business now understands the complexities of an external audit, including which sections are covered and best practices to avoid duplicating sections. We were also able to improve the company’s understanding of how to stay on track during an audit, including key topics and parameters for consideration.

Resources

Recent resources

Home Office Case Study

GSA was asked to support the National Asylum Intake Unit (NAIU) with the screening of asylum applicants who had arrived in the UK by small boats across the English Channel.

Public and Governmental Administration Security and Risk Management Home Office Immigration NAIU Resourcing

Read post

DHSC and MOD Operation Pitting Case Study

GSA received an urgent request to support the evacuation of Afghan nationals to the UK. We supplied round-the-clock staff for evacuees at airport arrivals to manage immediate welfare needs.

Public and Governmental Administration Investigations & Crisis Management Hotel Managed Quarantine Service (MQS) Resourcing

Read post

GSA Global have acquired MHG Corporate Risks

GSA Global acquired MHG Corporate Risks in January 2024. MHG offer employee vetting services and will further strengthen our business in insider risk management.

Vetting, Due Diligence and Investigations

Read post