Build or upgrade your ISMS on our platform

Case Study with Boomerang

ISO 27001 success for Boomerang

A logo for Boomerang
Andy Allen
Operations Director

Andy Allen from Boomerang

The Challenge for Boomerang

Boomerang was initially unfamiliar with ISO 27001 and exactly what would be involved in the route to certification.

As an SME with its resources focused on the day-to-day operation of the business, it was clear that whatever path it followed must be easy to use and be flexible enough to change as the company grew.

The Solution

The package for small businesses was perfect for an organisation like Boomerang.

It combined the platform for information security management with actionable policies that it could adopt straight out of the box to give it a big head start.

This, combined with additional implementation support, means that Boomerang is staying focused and on track with the really practical guidance that we’ve made available.

The Journey

Boomerang’s stage 2 audit went very well and they have received ISO 27001 certification.

Andy Allen of Boomerang said: “the Auditor was really impressed with and said it made it very easy to Audit.”

That’s why created a specific package to help organisations like Boomerang achieve their goals cost-effectively.

Many smaller organisations rule out ISO 27001 as it is often seen as a costly and time-consuming option. And yet in doing so, they limit their ability to win valuable business that requires their supply chain to demonstrate compliance with their Information Security Management System.

Customer Profile

Boomerang Messaging provides automated digital communications over SMS, e-mail and voice, enabling management of time-critical alerts and notifications. Boomerang works with a range of customers and recognises the importance of demonstrating its information security credentials to them.

As such it embarked on the route to ISO 27001: 2013, aiming for independent UKAS certification for its information security management system (ISMS). Having had a good look around at the various options, Boomerang quickly realised that was a clear choice.

“You wouldn’t try and emulate Microsoft Office so why try and build our own solution to manage the ISMS if others could do the job.

It’s more than just great cloud software with everything we need for our ISMS in one place. The team behind it invested their time into understanding our business and our goals and put together a package of remote adoption support.”

Andy Allen – Operations Director, Boomerang

“We are delighted to have helped Boomerang achieve its ISO 27001 certification. Information Security is clearly growing in importance for all businesses in the supply chain but until now its been almost impossible for smaller organisations to get these credentials, ruling them out of winning new business. puts affordable and trusted information security practices within the reach of all organisations, from the smallest micro-business through to global enterprises and large supply chains.”

Mark Darby – CEO, Alliantist, the organisation behind

What’s next for Boomerang and

Following their ISO 27001 certification Boomerang have started implementing further controls around business continuity with ISO 22301 BCMS. They recognise continuity of the broader business operation goes beyond ISO 27001 Annex A 17, and its importance to their customers. ISO 22301 is a welcome addition to Boomerang’s Information Security Management, and although it won’t increase their work load by much, it will help their business stand head and shoulders above the rest. Being proactive regarding business continuity will be exactly what their customers are looking for given the current COVID-19 pandemic.

As an extension of their ISO 27001, Boomerang are looking at ISO 27701:2019 for privacy information management increasing due diligence around personal data.

Everyone we helped go for an ISO 27001 audit passed first time. You could too.