How KPS is strengthening and unifying infosec management across multiple offices using ISMS.online

The Challenge

KPS decided to pursue ISO 27001 certification primarily because it is becoming a critical requirement for both existing and potential clients. But achieving certification was extra challenging because of KPS’s decentralised set-up — with four offices across three countries using different systems and processes due to past acquisitions. 

KPS faced several challenges which hampered information security management and oversight at enterprise level: 

• Varying levels of information security maturity across multiple sites
• Decentralised, siloed data held across various spreadsheets, emails, and people’s heads
• Inefficient review and approval processes via email chains

Initially, the KPS team considered using spreadsheets and SharePoint to manage the ISO certification process — but soon realised the complexity involved. They decided to invest in a specialised solution to help them efficiently implement and manage a robust information security management system, including embedding a culture of compliance.

“The main challenge was aligning three regional offices that are used to operating fairly independently and varied significantly in risk management and compliance practices — and within a tight timeframe. We had to unify everybody into a standard way of working for ISO 27001 accreditation.”

Peter Wells Risk and Compliance Manager, KPS

The Solution

After demoing different tools, KPS chose ISMS.online for its ease of use, compatibility with KPS’s existing single sign-on app, and comprehensive resources to help achieve ISO 27001 accreditation.

Implementing ISMS.online was straightforward. KPS staff find it easy to learn and use — even for non-native English speakers.

“ISMS.online does exactly what we need it to do. The single sign-on through our current identity management provider — rather than having to install an extra app — was a big plus which other solutions didn’t offer.”

Peter Wells Risk and Compliance Manager, KPS

ISMS.online provides guidance, content, control attributes, risks, and suggested controls, all ready for KPS to adopt, adapt, or add to, as required — all in one centralised, user-friendly platform. Digital signatures streamline approval processes.

“ISMS.online’s setup is great because it pushes you to be compliant straight out of the box: you need to do this, this, and this. ARM is very helpful because it guides you through each step of the ISO process in an organised way, so you can achieve certification relatively quickly but also to the required standard.”

Peter Wells Risk and Compliance Manager, KPS

The Result

Just three months into their ISO 27001 certification journey, KPS has already seen significant improvements in data management efficiency. Using ISMS.online has streamlined workflows, improved visibility, and fostered easier collaboration, making it simpler to manage and track tasks across different locations.

KPS is bolstering its market position simply by working towards certification — landing two new contracts thanks to this.

“We’ve already won a couple of contracts based on the understanding that we will be ISO 27001 compliant by the end of this year.”

Peter Wells Risk and Compliance Manager, KPS

ISMS.online is playing a critical role in increasing accountability within KPS. The platform’s real-time progress tracking, clear assignment of tasks, and automated reminders ensure everybody knows what they need to do — and oversight is much easier.

“ISMS.online is great for organising work. Having a centralised, web-based tool means staff can access it from anywhere, and it’s straightforward to see who’s responsible for what and who has tasks outstanding.”

Peter Wells Risk and Compliance Manager, KPS

Adopting ISMS.online has catalysed a cultural shift towards stronger information security compliance and risk management within KPS — sparking important internal conversations and highlighting existing strengths.

“A major benefit of implementing ISMS.online is that it’s forced us to have a lot more conversations internally around risk management and compliance, which historically we’ve seldom done as a group. Reassuringly, it’s also highlighted the brilliant work already going on. It’s been an eye opener.”

Peter Wells Risk and Compliance Manager, KPS

What’s Next?

With their eyes firmly set on achieving certification by the end of 2024, the KPS team is now focusing on implementing policy packs for staff and suppliers. Monitoring compliance is straightforward with digital signatures in ISMS.online.

Despite working to an ambitious deadline, having ISMS.online is boosting KPS’s audit confidence.

“Having ISMS.online is going to be a massive benefit during the audit process. Instead of giving the auditors large binders stuffed with documents, everything will be web-based, and easy to find and view.”

Peter Wells Risk and Compliance Manager, KPS

For more information, visit our ISO 27001 solutions page or contact us to see how we can help your business.