How Tai Tarian achieved ISO 27001 certification 50% faster with ISMS.online

The Challenge

In 2021, as cybersecurity was becoming an increasing concern for organisations, Tai Tarian’s technology and innovation (T&I) team decided to take a strong stance and pursue ISO 27001 certification. Amongst its competitors and suppliers, few if any had ISO 27001 certification, yet the risks were growing.

“We wanted to become ISO 27001 compliant to show we take cybersecurity seriously. Another housing association in Wales was hacked recently, and it cost them many zeros, a lot of downtime, and reputational damage.”

Scott Taylor Technology and Innovation Compliance Manager, Tai Tarian

While highly competent IT professionals, none of Tai Tarian’s T&I team had much previous ISO 27001 experience. Although they were already following good security practices, there was room to improve documentation, standardisation, and risk management. Getting staff buy-in to achieve ISO 27001 certification was vital.

“A big challenge was getting everybody on board with improving our compliance and risk management,” said Scott. “You can’t just tell them it’s happening: you’ve got to bring them along and get them to work with you.”

The Solution

Tai Tarian has an ongoing partnership with expert IT infrastructure and services provider Softcat, led by their Account Director, Lian Staunton. To lay a strong foundation for ISO 27001 success, Lian aligned Softcat’s internal advisory team to work alongside Tai Tarian’s T&I team. Together, they created a clear structure and roadmap for Tai Tarian to work toward achieving certification.

Softcat helped Tai Tarian implement ISMS.online. The compliance team then set to work on ensuring the right processes, policies, and information were in place for ISO 27001 certification.

Tai Tarian found the ISMS.online corrective actions tracker provides a useful visual tool for easier monitoring and accountability, which facilitated staff engagement. Challenging tasks like creating a risk register were simplified by ISMS.online’s templates and comprehensive reference information.

“The risk bank within ISMS.online really helped us out and sped us along, because we weren’t starting from scratch. It enabled us to start documenting and managing risks much quicker than we would have done otherwise, and we probably covered them more thoroughly as well.”

Jon Edwards Technology and Innovation Compliance Data Officer, Tai Tarian

From the start, Softcat has played a significant role in Tai Tarian’s ISO success, providing tailored advice, guidance, and hands-on support. As well as the practical benefits, this partnership also gives the T&I team confidence that they can overcome whatever challenges arise.

“Softcat are integral to what we do,” added Scott. “They take the weight off us and get things happening. Lian Staunton is Miss Fixit: I’ve not yet come across anything that she can’t sort for us.”

The Result

Tai Tarian passed its first ISO 27001 audit with zero recommendations for improvement — a particularly impressive feat given they started with a relatively inexperienced team. 

“ISMS.online sped up our certification process by 6–12 months. And what I’m most proud of is that we passed our first audit with no major or minor errors, with a team less than 3 years old and without hardcore ISO certification experience.”

Scott Taylor Technology and Innovation Compliance Manager, Tai Tarian

Tai Tarian now has a large body of evidence and documentation as part of its ISO 27001 compliance and accountability. Previously they had one security policy, now they have nearly 30. Employees have written 260 knowledge-based articles in the last two years. 

Tai Tarian has strengthened its risk management processes across the board. If a new supplier doesn’t have ISO 27001, a director has to review and sign off acceptance of this risk. Using ISMS.online has led Tai Tarian staff to develop a stronger sense of ownership and accountability for compliance and risk management. 

“Having ISMS.online has changed our ways of working. Because we’ve been constantly prompting people to provide evidence, it’s now become the norm. Colleagues now proactively bring evidence to us — we’re not begging any more.”

Jon Edwards Technology and Innovation Compliance Data Officer, Tai Tarian

Tai Tarian’s relationship with Softcat continues to flourish, demonstrating the ongoing benefits of their partnership.

“I am thrilled to have played a role in the fantastic achievement led by Scott, Jon, and Steph. Tai Tarian is a brilliant partner to work with, and this showcases the fantastic things that are possible when two organisations trust each other and work together with respect, trust and transparency.”

Lian Staunton Account Director, Softcat

What’s Next?

Far from resting on their laurels, the T&I compliance team are now working towards ISO 9001 certification.

“We’re very proud of what we’ve achieved, and we wanted to set the bar for our suppliers and stakeholders to understand our position of zero trust. They can see our investment and know we take security seriously.”

Scott Taylor Technology and Innovation Compliance Manager, Tai Tarian

Having already used ISMS.online for ISO 27001 2017 and 2022 versions, they found it straightforward to set up and use a new cluster for 9001. They’ve also moved their business risk register into ISMS.online.

“We know ISMS.online pretty well now and it’s relatively simple to use, so it wasn’t an issue at all to start using it for more than one ISO.”

Jon Edwards Technology and Innovation Compliance Data Officer, Tai Tarian

If you would like results like this then get in touch with us today to see how we can help your business.