Boomerang achieves a cost-effective ISO 27001 success with ISMS.online

Boomerang Messaging provides automated digital communications over SMS, email and voice, enabling management of time-critical alerts and notifications. Boomerang works with a range of customers and recognises the importance of demonstrating its information security credentials to them.

Boomerang was initially unfamiliar with ISO 27001 and exactly what would be involved in the route to certification.

As an SME with its resources focused on the day-to-day operation of the business, it was clear that whatever path it followed must be easy to use and flexible enough to change as the company grew.

Boomerang embarked on the route to ISO 27001, aiming for independent UKAS certification for its information security management system (ISMS).

Having had a good look around at the various options, Boomerang quickly realised that ISMS.online was a clear choice.The ISMS.online package for small businesses was perfect for an organisation like Boomerang. It combined the platform for information security management with actionable policies that it could adopt straight out of the box to give it a big head start. This, combined with additional implementation support, meant that the Boomerang team stayed focused and on track with the really practical guidance we provided.

Boomerang’s stage 2 audit went very well and they received ISO 27001 certification.

Boomerang is the perfect example of why the ISMS.online team created a specific package to help smaller organisations achieve their goals cost-effectively. Many smaller organisations rule out ISO 27001 as it is often seen as a costly and time-consuming option. And yet in doing so, they limit their ability to win valuable business that requires their supply chain to demonstrate compliance with their Information Security Management System.

Following their ISO 27001 certification, Boomerang have started implementing further controls around business continuity with ISO 22301 BCMS.

They recognise continuity of the broader business operation goes beyond ISO 27001 Annex A 17, and its importance to their customers. ISO 22301 is a welcome addition to Boomerang’s Information Security Management, and although it won’t increase their work load by much, it will help their business stand head and shoulders above the rest. Being proactive regarding business continuity will be exactly what their customers are looking for given the current COVID-19 pandemic.In addition, and as an extension of their ISO 27001, Boomerang are also looking at ISO 27701:2019 for privacy information management increasing due diligence around personal data.