Helping Generis achieve ISO 27001

Generis helps heavily regulated organisations, working in sectors like large pharmaceutical, financial services and government, manage their content. So information security’s always been very important for it.

ISO 27001 certification became a must-have when the company created a cloud version of its software, leading to a range of new security requirements. Its QA team carried out an infosec gap analysis and started work on security policies and controls.

But they weren’t sure how to turn all of ISO 27001’s requirements into a simple, secure, sustainable ISMS. Managing Generis’ infosec risks was a particular challenge, because those risks had to link back to its customers’ regulatory needs. And the team wanted to make sure that their ISMS was understood and followed by all their staff.

So Generis came to us for help, signing up in July 2020 and working through the challenges of lockdown to achieve ISO 27001 certification by the end of the year. Now the company’s signed up with us for the next three years. And we’ll be running its internal certification maintenance audits too.

“We’re happy with everything did for us. It was a beneficial collaboration with knowledgeable people.” Olga Vovk, Head of QA, Generis

Why Generis chose us

Creating an ISMS from scratch is a complex process. Generis wanted to make it as simple as possible. Rather than reinventing the wheel, its QA team wanted to find a system with pre-built, tried and tested tools, procedures and frameworks, like

The team also needed a solution that meshed with their existing systems and could easily draw on the work they’d already done. We showed them that it’s easy to import content into or export it from, or create links between our and other platforms.

“We had found a few potential suppliers of ISMS systems and had a few demos. We were impressed by all the functionality provides and how convenient it is to use.”

And of course information security isn’t just about technology. It’s about people too. Generis saw that our experts are easy to access and very helpful indeed. And we’re always happy to create bespoke support content as and when needed.

“We’d highly recommend It’s an indispensable helper on the ISO 27001 certification journey, with a mix of great software and an experienced support team.”

How we accelerated Generis to ISO 27001

Generis had a good understanding of ISO 27001, but wasn’t sure how to turn its requirements into a fully functioning ISMS. And of course it was new to our platform. So our support team was on hand whenever help and support were needed.

“Your support team is very knowledgeable and helped us a lot while we were trying to understand how to create an ISMS from scratch.”

Risk management is a particularly complex challenge for the company. So it found our risk management tools very helpful. And our experts worked with its QA team to:

  • Review its existing risk documentation
  • Make sure that documentation was linked to the right controls within the platform
  • Help it create and customise its risk register

“’s risk management approach is especially beneficial because a separate Risk Register can be linked to each project.”

And of course everyone at Generis needed to understand the importance of its new ISMS. So we created a bespoke training programme for its 40 staff. It:

  • Explained the importance of ISO 27001 and the ISMS
  • Gave trainees clear, business-driven reasons to follow its procedures
  • Showed them what could happen if they didn’t follow those procedures

All trainees were tested on their knowledge and left with a specific, practical infosec checklist.

That made sure Generis’ staff were fully prepared for the company’s external ISO 27001 audit. The training’s become part of its onboarding process and will be repeated for all relevant staff annually, embedding its ISMS in its day-to-day corporate culture.

What’s next for Generis

Now that it’s achieved ISO 27001, Generis is already planning for its ongoing certification maintenance audits. It’s signed up with us for the next three years and we’ll be carrying out its internal audits. That’s just one example of how our platform makes ongoing ISMS maintenance and improvement a simple task.

Everyone we helped go for an ISO 27001 audit passed first time. You could too.