How Spenn Group Unlocked ISO 27001 Success with IO and Dunamis Technology

Spenn Group AS (Spenn Group) builds and operates a platform enabling an ecosystem of customer loyalty programs. Based in Norway, the company operates the new Nordic loyalty currency, Spenn, established in collaboration with Strawberry, Norwegian Air Shuttle, and Reitan Retail. Spenn unifies reward programs allowing members to earn and redeem points across hotels, flights, and groceries, making it a common, flexible ecosystem for loyalty in the Nordics.

As a fast-growing startup, Spenn Group needed to rapidly – but strategically – implement an information security management system (ISMS) to achieve ISO 27001 certification.

The business also needed to demonstrate General Data Protection Regulation (GDPR) compliance. While the team was aware of these key information security and data privacy requirements, the business did not have the internal resources required to efficiently implement ISO 27001 and align with GDPR requirements.

Kristian and the Spenn Group team knew that establishing and continually improving a robust, ISO 27001-certified ISMS would allow the business to protect its sensitive customer data and satisfy the trust requirements of Spenn Group’s high-profile corporate owners. In addition, successful certification and the trust associated with competent information security management would also provide a competitive advantage for the business.

Spenn Group used the expert virtual Chief Information Security Officer (vCISO) guidance and support provided by IO partner, Dunamis Technology.

The Dunamis Technology team recognised the business’s need for swift certification and recommended IO’s efficient compliance management platform to implement and manage the complex policies, controls and documentation required for ISO 27001 certification.

The platform’s built-in templates, processes and guidelines enabled Kristian and the Spenn Group team to quickly establish an ISMS with the ongoing support of Dunamis Technology.

With Dunamis Technology’s expertise and the business’s ISO 27001 project contained within the user-friendly, intuitive IO platform, Spenn Group took a holistic, structured approach to implementing the ISO 27001 standard, working strategically through certification requirements.

Dunamis Technology ensured top management at Spenn Group was involved from early in the process and provided workshops to support progress. The vCISO support and guidance they provided enabled Kristian and the Spenn Group team to move swiftly and confidently through the ISO 27001 certification process.

Spenn Group successfully achieved ISO 27001 certification in around 9-10 months.

Kristian estimates that by using IO and Dunamis Technology, the business achieved this in just 50% of the time it would have taken them had they used a manual, document-centric approach.For Spenn Group, the most valuable element of using the IO platform was the ability to maintain control over the project implementation and to establish a clear overview and understanding of the ISMS structure. Kristian said: “This clarity ensured the team knew what needed to be done and why, making the entire certification process manageable.”The IO platform’s usability and key integrations have also enabled Spenn Group to encourage employee engagement with information security, a core tenet of ISO 27001 compliance, and something Dunamis Technology had identified as vital to ongoing success.

Kristian also praised the support provided by the Dunamis Technology team: “Their expertise and forward-thinking approach ensured the complex implementation process was managed effectively, resulting in a smooth and confident path to achieving certification.”

The Spenn Group team are focusing their efforts on the ongoing operation and maintenance of their ISMS to ensure the business sustains its ISO 27001 certification.

The company is also considering implementing the ISO 9001 standard to expand their management systems into quality assurance.