How we helped CCT go beyond ISO 27001 certification

CCT uses AI and machine learning to optimize ad targeting for the real estate and automotive industries. It began in Scandinavia but is currently rolling out internationally, servicing customers in more than twenty countries from a global network of eight offices.

Information security is very important to the company. In fact, they’d begun their ISO 27001 journey on their own. As cutting-edge digital experts they knew that an ISO 27001-certified ISMS boosts much more than just information security.

We work with large, rapidly growing amounts of data. We wanted to implement a new ISMS to make sure we met client needs and complied with regulations like GDPR. And there are broader business benefits. Having an ISO27001 certification is a good way of continuously improving our organization and how we manage information, and to make sure that we have all needed processes and procedures in place.” Ronny Kvalvågnes, Chief Technology Officer, CCT Group

Ronny and his team had passed their first external ISO 27001 audit with their self-built ISMS. But the audit showed them they needed some extra help and support to achieve full certification.

So they came to us.

“The platform’s a real time saver. At the same time you learn a lot about the ISO 27001 standard, making it easier to understand, implement and follow up on. Your support and consultant services are also great, having a sparring partner with a lot of knowledge is extremely valuable to any company going through these processes.”

We helped them achieve ISO 27001 certification in March 2021, on their first attempt. Now they’re using our platform to work towards management standards:

  • ISO 27701 for privacy information
  • ISO 22301 for business continuity

Why CCT chose us

Ronny’s team began by trying to build their own ISMS. But they quickly discovered that that can be a surprisingly complicated, time-consuming process. And many ISMS solutions only take you part of the way to certification.

“Initially we bought a framework and started to implement this in our current document solution. But we quickly realized that it missed some crucial parts in regards to change management, follow up etc.”

They started looking around for an all-in-one-place ISMS solution. Their ideal platform needed to:

  • Guide them to certification and support them beyond it
  • Help them understand and apply the ISO 27001 standard
  • Build on all the implementation work they’d already done
  • Link out to some externally stored content

That very quickly led them to

“After a demo we quickly decided that was perfect for us. It provided a lot of good examples and an easy to use interface, and was very flexible to suit our needs. And it gave us everything we needed for approval processes and automated reminders. All in all we saved a lot of time implementing ISO27001 by using”

How we accelerated CCT to ISO 27001

We helped Ronny and his team bring all the work they’d already done into our platform. Our Adopt / Adapt / Add content was ready and waiting for them. It starts all of our customers off with 77% of their ISMS documentation already completed.

Of course, the CCT team had already created some of their own documentation. But our content was still a big plus for them.

“’s pre-made content and examples were very useful. They extended our understanding of and learnings about the standard.”

And they had to adjust to a new platform. But that took barely any time at all.

“I also want to highlight’s structure and navigation. Once you get used to it (which takes two minutes), then it’s very easy to use and we can link risk and work to clauses etc.”

With the help of our support teams they were quickly ready for their second internal audit. They asked us to carry it out for them. It was during the 2021 Covid-19 lockdown, so it had to be a remote audit. With our platform, that’s not a problem. We suggested:

  • A pre-audit kick-off call
  • The audit itself
  • A post-audit meeting to discuss findings
  • A written report documenting those findings

Ronny gave one of our ISO 27001 experts remote access to CCT’s ISMS, so he could go through all the documentation stored on it. Many auditors have commented on how easy our platform makes that process. Then we followed up with a video call, to cover off CCT’s externally stored content.

Our feedback helped Ronny and his team fine tune their ISMS, ready for their second final ISO 27001 audit. They were awarded ISO 27001 certification in March 2021.

“Yes, the support is amazing, always really quick to give high quality answers, often an indication of a very good supplier. I also want to highlight the opportunity we took to hire consultants for coaching and internal audits from, this was great and saved us vast amounts of time.”

What’s next for CCT?

Ronny and his team love the flexibility and ease of use of our platform. It’s helping them build on their ISO 27001 achievements by going for other standards.

“We’ve decided to extend the platform to also include ISO277001 (privacy information management) and ISO22301 (business continuity management), maybe getting certified for them as well. That will further strengthen our focus on privacy and GDPR compliance, and also our business continuity planning across the organisation.”

We’ve made it as easy as possible for them to do that. Our platform supports more than just ISMSs. You can also use it create an:

  • ISO 27701 compliant privacy information management system
  • ISO 22301 compliant business continuity management system
  • Management systems for a wide range of other standards and regulations
  • Integrated management system bringing two or more of those together

Our platform’s opened up new possibilities for CCT, just like it does for all our customers. We’re very pleased and proud to accompany them on that journey.

“We are very happy about the platform and the customer service.”

Everyone we helped go for an ISO 27001 audit passed first time. You could too.