How Buddi achieved ISO 27001 certification in seven months

Buddi’s a UK company that develops state-of-the-art, proprietary mobile technologies for locating individuals in the health and security sectors. It was founded in 2005 and has grown quickly since then. Today it provides more than 80% of UK local authorities, and government customers around the world, with technologies that support their users.

Buddi’s solutions are all about locating people accurately and quickly, and providing that information to the people who need it. So information security has always been a big concern for them.

“We’ve been looking at ISO 27001 for a number of years but struggled to find a way to efficiently map the way our business works to the standard. Early attempts involved spreadsheets and documents which became hard to manage and maintain, and took focus away from actually getting better at security.” Charles Lewinton, Chief Technology Officer, Buddi

So they came to us. We helped them achieve ISO 27001 certification in seven months.

Why Buddi chose us

The Buddi team began with a very clear idea of what they needed to achieve. Their team lead had completed a lead implementer course and they’d already started work on their ISMS scope, statement of applicability, and policies and controls.

But managing the content they were gathering and creating for their ISMS was a challenge. They were also finding it hard to practically apply their infosec learning to Buddi’s unique business needs.

“From the early discussions and demos we liked the linked and integrated nature of the platform. We felt that it would allow us to easily link all the elements of the standard together and then describe what we do and how we do it. We also liked the training materials integrated into the platform.”

How we accelerated Buddi to ISO 27001

Like all our ISMS customers, Buddi had full access to our ISO 27001 Assured Results Method (ARM) and Adopt / Adapt / Add (AAA) Content right from their very first sign-in. ARM lays out a clear path to first-time compliance or certification success. And our AAA Content starts you off with 77% of your ISMS documentation already complete.

“Using meant that we can map what we do quickly to ISO 27001, and then spend more time on risk assessing and evaluating the business looking for areas of improvement.”

They barely needed any support from us to build on the work they’d already done and achieve their ISO 27001 certification.

“The online tools such as the risk assessments and corrective actions tracks were probably the most useful features for us. They not only gave a way to record these items but also allowed you to link each item to the standard. This became very useful during our audit as it helped to justify each item, and showed our joined-up thinking.”

What’s next for Buddi

They’ve signed up with us for three years, the life of their initial ISO 27001 certification. Our platform will help them manage and evolve their ISMS. And it’ll make sure that the internal and maintenance audits the standard requires are both successful and productive.

They’ll be all ready for ISO 27001 re-certification in 2024. And if they want to go for any other standards or show any particular regulatory compliance in the meantime, our simplified, secure, sustainable platform will be there to help them.

Everyone we helped go for an ISO 27001 audit passed first time. You could too.