Boomerang achieves a cost-effective ISO 27001 success with ISMS.online

The Challenge

Boomerang was initially unfamiliar with ISO 27001 and exactly what would be involved in the route to certification. As an SME with its resources focused on the day-to-day operation of the business, it was clear that whatever path it followed must be easy to use and flexible enough to change as the company grew.

“You wouldn’t try and emulate Microsoft Office, so why try and build our own solution to manage the ISMS if others could do the job?”

Andy Allen Operations Director, Boomerang

The Solution

Boomerang embarked on the route to ISO 27001, aiming for independent UKAS certification for its information security management system (ISMS). Having had a good look around at the various options, Boomerang quickly realised that ISMS.online was a clear choice.

The ISMS.online package for small businesses was perfect for an organisation like Boomerang. It combined the platform for information security management with actionable policies that it could adopt straight out of the box to give it a big head start. This, combined with additional implementation support, meant that the Boomerang team stayed focused and on track with the really practical guidance we provided.

“The ISMS.online team invested their time into understanding our business and our goals and put together a package of remote adoption support.”

Andy Allen Operations Director, Boomerang

The Result

Boomerang’s stage 2 audit went very well and they received ISO 27001 certification.

“The auditor was really impressed with ISMS.online and said it made it very easy to audit.”

Andy Allen Operations Director, Boomerang

Boomerang is the perfect example of why the ISMS.online team created a specific package to help smaller organisations achieve their goals cost-effectively. Many smaller organisations rule out ISO 27001 as it is often seen as a costly and time-consuming option. And yet in doing so, they limit their ability to win valuable business that requires their supply chain to demonstrate compliance with their Information Security Management System.

What’s Next?

Following their ISO 27001 certification, Boomerang have started implementing further controls around business continuity with ISO 22301 BCMS. They recognise continuity of the broader business operation goes beyond ISO 27001 Annex A 17, and its importance to their customers.

ISO 22301 is a welcome addition to Boomerang’s Information Security Management, and although it won’t increase their work load by much, it will help their business stand head and shoulders above the rest. Being proactive regarding business continuity will be exactly what their customers are looking for given the current COVID-19 pandemic.

In addition, and as an extension of their ISO 27001, Boomerang are also looking at ISO 27701:2019 for privacy information management increasing due diligence around personal data.