How Evolution Funding Cruised to ISO 27001 Certification Success

Evolution Funding is an FCA-regulated motor finance brokerage. The business provides digital finance solutions that help their partners build motor finance journeys and transform the customer experience of taking out motor finance. Evolution Funding’s scope and capabilities go beyond that of a traditional broker; its innovative digital finance solutions are shaping the motor finance industry.

Achieving ISO 27001 certification was a core objective for Evolution Funding.

As the business had grown and innovated, it had progressed its offering further into the technological space, with market-leading finance software solutions, motor finance lead generation capabilities, a proprietary Digital Finance API, and more. These developments made demonstrating robust information security management crucial.

However, the Evolution Funding team required a centralised platform with which they could implement the ISO 27001 standard and work through the compliance process. They were originally using SharePoint, which offered a strong solution for managing documentation, but didn’t allow the team to easily collect evidence or connect it to their information security management system (ISMS) policies and controls.

To streamline the ISO 27001 certification process, Evolution Funding leveraged the IO platform.

The team migrated their existing documentation from SharePoint into IO, which enabled them to consolidate their compliance management, ensure documents were stored in suitable areas of the platform, and gain a live overview of their progress in their dashboard.

Initial implementation was straightforward. Jen used the platform’s user management feature to add users to relevant projects and assign different levels of access as needed. This also simplified the process of giving access to third parties, such as internal and external auditors.

As they worked through the compliance process, Jen and the team used the platform’s built-in policy and control templates as guidance. They used IO’s ‘adopt, adapt, add’ capabilities to tailor templates with their own custom content as needed, ensuring they were relevant to Evolution Funding’s specific information security needs.

Using the IO platform to centralise and streamline their compliance, Evolution Funding successfully achieved ISO 27001 certification in 18 months.

They accomplished this despite the business’s original external auditing body experiencing resourcing challenges that delayed the process.

Jen shared that the IO platform saved the business a considerable amount of time:

Quarterly meetings with their dedicated Compliance Success Manager (CSM), Wayne, continue to add real value for the business. These meetings support an open line of communication, with Wayne often identifying new solutions to help Evolution Funding achieve specific objectives within the platform. For example, the business recently required an ‘exceptions to policy’ rule that enables the team to use specific tools for a certain amount of time before the IO platform automatically prevents use again.

The business plans to progress the use of the IO platform for compliance management.

Evolution Funding is part of a wider group, Evolution Group, and the next steps include adding sister companies, Creditas and Motion Finance, into the scope of its ISO 27001 ISMS.

In addition, the team are looking at either expanding the ISO 27001 use case or implementing Cyber Essentials for other businesses in the Evolution Group that may not fall under the scope of their existing ISMS.