How Spenn Group Unlocked ISO 27001 Success with IO and Dunamis Technology

“The IO platform acted as a single hub to link essential items like risks, assets, and controls. The integrations made it easier for us to collect evidence, manage risk, and demonstrate a clear audit trail.”

Kristian Kolstad Chief Product & Technology Officer (CPTO), Spenn Group

Key Takeaways

Learn how Spenn Group:

• Achieved ISO 27001 certification in 10 months
• Used the IO platform to streamline ISMS implementation and ISO 27001 compliance
• Leveraged Dunamis Technology’s vCISO expertise to support success
• Built a culture of information security engagement across the business.

About Spenn

Spenn Group AS (Spenn Group) builds and operates a platform enabling an ecosystem of customer loyalty programs. Based in Norway, the company operates the new Nordic loyalty currency, Spenn, established in collaboration with Strawberry, Norwegian Air Shuttle, and Reitan Retail. Spenn unifies reward programs allowing members to earn and redeem points across hotels, flights, and groceries, making it a common, flexible ecosystem for loyalty in the Nordics.

The Challenge

As a fast-growing startup, Spenn Group needed to rapidly – but strategically – implement an information security management system (ISMS) to achieve ISO 27001 certification. The business also needed to demonstrate General Data Protection Regulation (GDPR) compliance. While the team was aware of these key information security and data privacy requirements, the business did not have the internal resources required to efficiently implement ISO 27001 and align with GDPR requirements.

“We were a startup and wanted to implement information security in our work early on, since a certification was a requirement from our founders (Norwegian, Strawberry and Reitan Retail) and it would be a competitive advantage.”

Kristian Kolstad CPTO, Spenn Group

Kristian and the Spenn Group team knew that establishing and continually improving a robust, ISO 27001-certified ISMS would allow the business to protect its sensitive customer data and satisfy the trust requirements of Spenn Group’s high-profile corporate owners. In addition, successful certification and the trust associated with competent information security management would also provide a competitive advantage for the business.

The Solution

Spenn Group used the expert virtual Chief Information Security Officer (vCISO) guidance and support provided by IO partner, Dunamis Technology. The Dunamis Technology team recognised the business’s need for swift certification and recommended IO’s efficient compliance management platform to implement and manage the complex policies, controls and documentation required for ISO 27001 certification.

“Spenn Group needed to rapidly implement security as a startup while avoiding the time-consuming manual, document-centric approach some of their managers had previously experienced. This was addressed by leveraging the IO platform, which provided templates and built-in processes to get them quickly up and running.”

Ronny Stavem CEO & Head of Digital Security Services, Dunamis Technology

The platform’s built-in templates, processes and guidelines enabled Kristian and the Spenn Group team to quickly establish an ISMS with the ongoing support of Dunamis Technology.

“The pre-built content of policies, controls, and frameworks allowed us to begin the ISO 27001 implementation with a significant portion of the documentation already complete, reducing administrative overhead.”

Kristian Kolstad CPTO, Spenn Group

With Dunamis Technology’s expertise and the business’s ISO 27001 project contained within the user-friendly, intuitive IO platform, Spenn Group took a holistic, structured approach to implementing the ISO 27001 standard, working strategically through certification requirements.

“The IO platform acted as a single hub to link essential items like risks, assets, and controls. The integrations made it easier for us to collect evidence, manage risk, and demonstrate a clear audit trail.”

Kristian Kolstad CPTO, Spenn Group

Dunamis Technology ensured top management at Spenn Group was involved from early in the process and provided workshops to support progress. The vCISO support and guidance they provided enabled Kristian and the Spenn Group team to move swiftly and confidently through the ISO 27001 certification process.

“Dunamis Technology’s support allowed us to rapidly establish a robust ISMS framework, utilise the IO platform effectively, and confidently navigate the complex requirements necessary to achieve ISO 27001 certification.”

Kristian Kolstad CPTO, Spenn Group

The Result

Spenn Group successfully achieved ISO 27001 certification in around 9-10 months. Kristian estimates that by using IO and Dunamis Technology, the business achieved this in just 50% of the time it would have taken them had they used a manual, document-centric approach.

For Spenn Group, the most valuable element of using the IO platform was the ability to maintain control over the project implementation and to establish a clear overview and understanding of the ISMS structure. Kristian said: “This clarity ensured the team knew what needed to be done and why, making the entire certification process manageable.”

The IO platform’s usability and key integrations have also enabled Spenn Group to encourage employee engagement with information security, a core tenet of ISO 27001 compliance, and something Dunamis Technology had identified as vital to ongoing success.

“An unexpected but important benefit of IO was that the platform’s user-friendliness and centralised nature led to easier organisational embedding. This ensured that the security work more readily became an integrated and natural part of Spenn Group’s daily operations and culture. We are using Slack for internal communication and integrating IO with Slack has given us employee involvement.”

Kristian Kolstad CPTO, Spenn Group

Kristian also praised the support provided by the Dunamis Technology team: “Their expertise and forward-thinking approach ensured the complex implementation process was managed effectively, resulting in a smooth and confident path to achieving certification.”

What’s Next?

The Spenn Group team are focusing their efforts on the ongoing operation and maintenance of their ISMS to ensure the business sustains its ISO 27001 certification. However, the company is also considering implementing the ISO 9001 standard to expand their management systems into quality assurance.