From ISO 27001 implementation to follow up audits with ISMS.online

Amigo is a cloud-based marketing technology platform that turns marketing ideas into brilliant digital experiences quickly and cost-effectively. Working with brands such as Hertz and IG Group, Amigo is agile marketing that allows marketers to focus on marketing and not technology.

Whilst there was no urgent driver to achieve ISO 27001 certification, Amigo’s executive team recognised that the enterprise level customers they attract were increasingly seeking information security assurance.

Amigo is always keen to differentiate itself through excellence and wanted to demonstrate its commitment to information security and protecting customer data through a UKAS accredited ISO 27001 certification.The challenge was a common one, especially for an SME.

Amigo did not have a person dedicated full time to an information security role so was looking to automate and simplify the process as much as possible. There was limited knowledge of the ISO 27001 standard, and they recognised that a traditional consultancy-led approach could be expensive and would still leave them needing to build a structure for the ISMS and consider how to manage and evidence the required work processes. Emmie Cooney, Amigo’s Operations Manager, summed up the challenge they faced:

Both Amigo and ISMS.online quickly identified the synergies between the two organisations and our ways of working.

Amigo was delighted to discover a tried and tested cloud solution with a pragmatic approach to achieving and maintaining ISO 27001 certification and the Amigo team took to the platform immediately and with no training.Emmie said: “We’re a busy team so we were happy to find there was a total ISMS solution that included frameworks, content, and tools, plus expert guidance within it. After all, our expertise is in marketing technology so we fully support the concept of ‘why build it yourself if someone else has already done it brilliantly!”

The structured approach in ISMS.online, together with their focus, led them to achieve ISO 27001 certification with very little invested time and no disruption to business-as-usual.

Great information security management is now deeply embedded in their business and maintaining the ISMS requires minimal ongoing effort.Emmie said: “The actual time invested in our ISMS implementation was probably only 2-3 weeks thanks to the massive headstart the ISMS.online platform gave us. We definitely would not have made it without the ISMS.online system or much higher investment.”