Helping Generis simplify their path to ISO 27001 certification

Generis helps heavily regulated organisations manage their content, including sectors like large pharmaceutical, financial services and government. This means information security has always been very important for the business.

ISO 27001 certification became a must have when the company created a cloud version of its software, leading to a range of new security requirements.

The Generis QA team carried out an infosec gap analysis and started work on security policies and controls.But they weren’t sure how to turn all of ISO 27001’s requirements into a simple, secure, sustainable ISMS. Managing Generis’ infosec risks was a particular challenge, because those risks had to link back to their customers’ regulatory needs. And the team wanted to make sure that their ISMS was understood and followed by all their staff.So Generis came to us for help, signing up in July 2020 and worked through the challenges of lockdown to achieve ISO 27001 certification by the end of the year.

Creating an ISMS from scratch is a complex process. Generis wanted to make it as simple as possible.

Rather than reinventing the wheel, the QA team wanted to find a system with pre-built, tried and tested tools, procedures and frameworks, like ISMS.online.The team also needed a solution that meshed with their existing systems and could easily draw on the work they’d already done. We showed them that it’s easy to import content into or export it from ISMS.online, or create links between our and other platforms.

And of course information security isn’t just about technology. It’s about people too. Generis saw that our experts are easy to access and very helpful indeed. And we’re always happy to create bespoke support content as and when needed.

Generis have achieved their ISO 27001 certification and gained a better understanding of ISO 27001 through the use of the platform and the guidance of our support team.

They found our risk management tools very helpful. Our experts worked with the QA team to review their existing risk documentation and make sure that documentation was linked to the right controls within the platform. We also helped to create and customise their risk register.

And of course everyone at Generis needed to understand the importance of its new ISMS. So we created a bespoke training programme for their 40 staff which explained the importance of ISO 27001 and the ISMS. It gave trainees clear, business-driven reasons to follow its procedures and showed them what could happen if they didn’t follow those procedures.

All trainees were tested on their knowledge and left with a specific, practical infosec checklist. That made sure all staff were fully prepared for the company’s external ISO 27001 audit. The training has now become part of the onboarding process and is repeated for all relevant staff annually, embedding the ISMS into the day-to-day corporate culture.

Now that they have achieved ISO 27001, Generis are already planning for their ongoing certification maintenance audits.

They have signed up with us for the next three years and we will be carrying out their internal audits. That’s just one example of how our platform makes ongoing ISMS maintenance and improvement a simple task.If you would like to talk to us about how we can help you with your ISO 27001 and compliance goals then book a demo today.