How Calrom Bolsters Customer Trust with ISO 27001 Certification

Founded in 2007, Calrom is a software development company that specialises in group booking solutions for airlines. As part of the Travel Innovation Group, Calrom powers its sister brands, Lime and Aviate, with comprehensive flight booking technology designed for tour operators and travel agents.

Through close partnerships with airlines and industry stakeholders, Calrom gains deep insight into industry-specific challenges, enabling them to design solutions precisely tailored to operational needs.

The Challenge

As global scrutiny of supplier and third-party vendor security intensified, Calrom’s customers began requiring ISO 27001 certification as a prerequisite for continued partnership. Calrom recognised that certification was no longer optional. It was essential to demonstrate their commitment to information security and maintain customer trust.

Beyond meeting customer requirements, Calrom aimed to strengthen its cybersecurity and reduce operational risk. Building an ISO 27001-compliant Information Security Management System (ISMS) would address all three objectives simultaneously.

While Calrom had established a solid security foundation, including policies, controls, an asset register, and network and vulnerability monitoring tools, the business lacked a ISMS. With no prior experience in ISO 27001 implementation, Calrom needed expert guidance to navigate the certification process efficiently and ensure a successful outcome.

“It was difficult to know where to start and what the best way of achieving our goals was, so we needed a solution to help us and point us in the right direction.”

Chris Jones Cyber Security Analyst and Designated Information Security Manager, Calrom

The Solution

Calrom adopted the IO platform to support their ISO 27001 compliance and certification journey, centralising their policies, controls, tasks, risk assessment and treatment, evidence management and more. Calrom also followed our 11-step Assured Results Method (ARM) to streamline the compliance process.

“The templates provided were very useful in helping us understand what information was required and gave good examples of the format expected.”

Chris Jones Cyber Security Analyst and Designated Information Security Manager, Calrom

Using ARM, team Calrom easily identified and implemented the ISO 27001 controls relevant to their business. They utilised the full functionality of the platform, including policy and procedure templates to meet ISO 27001 control requirements, a corrective actions and improvements track to monitor and resolve any issues, the risk management function to identify and mitigate risks, and more.

“The Assured Results Method and the templates that were provided in effect ensured we met each of the controls of ISO 27001 and reduced the time needed to achieve certification.”

Chris Jones Cyber Security Analyst and Designated Information Security Manager, Calrom

The Results

“The biggest difference was the speed at which we could complete the controls, and that the platform provided us with the knowledge of the steps required.”

Chris Jones Cyber Security Analyst and Designated Information Security Manager, Calrom

Using the IO platform to centralise compliance management and ARM to guide implementation, Calrom built a robust, ISO 27001-compliant ISMS and successfully achieved ISO 27001 certification in just 12 months.

“Without the IO platform, I strongly believe we would still not have achieved compliance by now and would still be continuing to implement the policies, procedures and controls and all of the other aspects of our ISMS.”

Chris Jones Cyber Security Analyst and Designated Information Security Manager, Calrom

Being ISO 27001 certified has met and exceeded the business’s initial objectives. Certification has enhanced Calrom’s customer relations, enabling the team to maintain and foster customer trust by demonstrating the business’s commitment to security.

In addition, with ISO 27001 controls in place and the business continuing to align with the standard’s requirement for continuous improvement, Calrom now has a robust, evolving approach to information security that can adapt to business changes and new requirements.

“I would highly recommend IO and their platform to anyone wanting to achieve ISO 27001 and implement a robust Information Security Management System.”

Chris Jones Cyber Security Analyst and Designated Information Security Manager, Calrom

Chris also praised the support Calrom received from the IO customer success and support teams throughout the certification process. [They] said: “The team have been great to work with and very helpful. They have provided a lot of guidance and support, and always respond in a timely manner to any communications we have with them.”

What’s Next?

Now that Calrom has achieved ISO 27001 certification, Chris and the team are looking at additional certifications for the future, including artificial intelligence, such as the best practice ISO 42001 certification and business continuity planning certification ISO 22301.