How nesevo Unlocked Multi-Certification Compliance Success with IO

“The most useful IO feature was the Headstart content. The “adapt or adopt” concept was a game changer for us; the ARM also helped a lot to get going.”

Philipp Zuderell Chief Information Security Officer, nesevo

Key Takeaways

Learn how nesevo:

• Achieved ISO 27001 certification in nine months and ISO 14001 certification in three months
• Used IO’s built-in Headstart content and Assured Results Method to ensure certification success
• Are preparing to expand compliance across quality management, health and safety management, and more.

About nesevo

nesevo provides data centre and office IT services to customers across the globe. From structured cabling and data centre relocations to networking hardware procurement, technical office installations, and WiFi optimisation, the business provides a 360° service approach covering procurement, pre-configuration, logistics, installation, patching, and testing.

The Challenge

The nesevo team were preparing to pursue ISO 27001 certification, but they were struggling to manage compliance efficiently across disparate documents and spreadsheets. To streamline the process, they needed a solution that enabled them to consolidate their ISO 27001 compliance management into one platform. They also required initial guidance in understanding the standard’s structure and addressing requirements.

“The requirements of ISO 27001 were overwhelming in the beginning. I understood pretty quickly that it would be impossible to manage with only generic tools like Excel.”

Philipp Zuderell Chief Information Security Officer, nesevo

A key consideration was to ensure the team could evolve and improve their information security management system (ISMS) without requiring ongoing support and on-site visits from expensive external consultants. As such, the business needed a solution that supported the team in achieving and maintaining ISO 27001 compliance independently.

“Our tools should be convenient and easy to use, both on and off-site, while at the same time being secure.”

Philipp Zuderell Chief Information Security Officer, nesevo

The Solution

“For a company like nesevo with teams working across multiple countries and time zones, having our ISMS and EMS in a cloud-based platform is essential. It allows our globally distributed team to collaborate on compliance processes from anywhere while maintaining a consistent and transparent approach to information security and environmental management.”

Nils Kubowitsch Head of Marketing and Environmental Impact Assessor, nesevo

Philipp and the team implemented the IO platform to centralise their ISO 27001 compliance management and certification. They used the platform’s Headstart content: a bank of tools and pre-written policy and control templates. The team also followed the platform’s 11-step Assured Results Method (ARM), which enabled them to work through the compliance process without bringing in an external consultant.

“The most useful IO feature was the Headstart content. The “adapt or adopt” concept was a game changer for us; the ARM also helped a lot to get going.”

Philipp Zuderell Chief Information Security Officer, nesevo

In addition to centralising their compliance, Philipp and the team received support from IO to manage and schedule their internal and external audits. IO has an extensive partner network featuring a range of consultants and auditor partners. Team nesevo were put in contact with IO’s partners, Cybercontrols and PJR, who provided internal and external auditing respectively. These partners were also familiar with the IO platform, which streamlined the overall certification process.

“Having IO as a partner also means that we get support managing and scheduling our internal and external audits, which is something I didn’t expect, but is a huge benefit.”

Philipp Zuderell Chief Information Security Officer, nesevo

The Result

Using the IO platform to streamline their compliance management and ARM to guide the implementation process, nesevo achieved ISO 27001 certification in just nine months. The process was simplified by the guidance provided by nesevo’s dedicated compliance success manager (CSM), Wayne, who supported the team through implementation.

“I found the IO platform quite easy to use and navigate. Wayne would also follow up every 1-2 weeks during the implementation process and loop in the right people to answer all questions.”

Philipp Zuderell Chief Information Security Officer, nesevo

The business swiftly followed their ISO 27001 success with ISO 14001 certification, which they achieved in three months. Now, the team are using the platform to work towards ISO 45001 and ISO 9001 compliance and certification. Philipp shares that the IO platform’s built-in review reminder function and the content ownership and sign-off process are the most valuable for the nesevo team as they maintain and improve their ISMS and EMS.

“The review reminders, content ownership responsibilities, and the sign-off process are all ISO requirements that are taken care of by the IO platform, so you don’t have to worry about them.”

Philipp Zuderell Chief Information Security Officer, nesevo

What’s Next?

Longer-term, the nesevo team plan to accomplish both ISO 45001 and ISO 9001 certification alongside their existing ISO 27001 and ISO 14001 achievements. Using the IO platform will enable them to continue achieving, maintaining, and managing compliance without bringing in external consultants. They are also considering R2 certification, an important standard for IT asset disposition and electronics recycling businesses.