ISO 27001


Garth Macintosh, iQuda’s Marketing Representative, took on the role of implementing the Information Security Management Standard. He explained why the internationally recognised standard was imperative to the business’s ongoing success:

“There’s so much concern around information security now, so people are looking for assurance from their provider that what they do is secure and that their business is protected. It’s no longer enough to say “we are secure”, people want proof.”

Meeting the expectations and requirements of clients is crucial to iQuda:

“The main reason why we went for ISO 27001 was because a lot of our clients are NHS based or affiliated. The NHS are really focussing on information security – it’s one of their number one concerns at the moment.”


Once iQuda established the need for ISO 27001, they had to choose an appropriate Certification Body to work with to obtain their certification:

“A key factor when looking for an ISO provider was that they were UKAS accredited – which BAB are! Trying to understand how the whole system tied together was a bit confusing for us at first, but the way BAB explained it was easy to understand – this was another main reason behind choosing BAB.”

Garth explained that having robust processes and a framework to benchmark the business against would be a great outcome of implementing ISO 27001, helping to develop the organisation:

“It’s about putting everyone on the same page and allowing us to have a framework against which we can track how people are performing. ISO 27001 has given us a framework to work around, so all of our policies we have developed now come from the standard. They give everyone a clear understanding that this is what you can do, this is what you can’t do, and this is best practice.”


iQuda were awarded certification just one month after their Stage 1 Audit:

“The process of implementing ISO 27001 was much easier than we expected, and as a result of having the management system we feel we are much better off as a company.”

Garth commented on how implementing the Information Security Management Standard has benefitted the business:

“Internally it’s enabled us to formalise our processes. We’re an IT company, so we take information security very seriously – but previously a lot of what we were doing wasn’t as formalised as it could have been.”

He continued by outlining how ISO 27001 is now used to develop their existing staff to ensure they all operate at the same level. It also plays a big part in the recruitment and staff training processes:

“We’re getting better and better at what we do. It’s allowed us to improve the way we train and develop our staff.”

Following the successful implementation of the standard, iQuda are now working towards certification to ISO 9001, the Quality Management Standard:

“We have achieved ISO 27001 and are on the way to becoming ISO 9001 certified now too – and we will absolutely be using the British Assessment Bureau.”
