
How we accelerated Peppy to ISO 27001 certification and beyond

Evan Harris

Peppy is a first-of-its-kind digital employee healthcare benefit, providing expert support during major life transitions like menopause, fertility and new parenthood, via a secure app. First and foremost, the Peppy app connects users to real-life practitioners for one-to-one help and support, as and when it’s needed. This means Peppy handles large amounts of very sensitive personal information.

Naturally, information security is a big concern for Peppy co-founder Evan Harris and his team, so from day one they were thinking about ISO 27001 certification. Then, they realised that they needed it to help win big new customers and give current clients like Santander and Novartis infosec certainty.

“The success of our app relies on users having absolute confidence that their personal and professional information is being optimally handled throughout their Peppy experience. By modeling our information security management system on the ISO 27001 standards – and evidencing that commitment through certification – we are best positioned to deliver the highest possible level of security for our users and partners.”

Evan Harris, COO and Co-Founder of Peppy

How we accelerated Peppy to ISO 27001

When it came to working toward ISO 27001 certification, Evan and his team were starting from scratch. So they came to us for help, signing up with us in November 2019. They set themselves two ambitious targets. They wanted to have their ISO 27001 policies and controls in place by the end of 2019, with full certification following as soon as possible.

With our help, they achieved both.

“The platform gave us a massive head start compared with relying on cheaper libraries or – god forbid – creating all the documentation from scratch. We’ve found it incredibly easy to use and the support team has been phenomenal. I can’t recommend highly enough.”

Evan Harris, COO and Co-Founder of Peppy

Creating their ISO 27001 policies and controls

Our pre-loaded Adopt / Adapt / Add Content helped the Peppy team move quickly to get their policies and controls in place. It meant they started on the front foot, 77% of the way to ISMS completion. They were able to adopt much of our guidance straight out of the box. And of course, tailoring it to meet their unique infosec needs was a simple task.

This meant that, by the end of 2019, Peppy had the required policies and controls in place.

“I’m very impressed with the content and the way it’s been written”

Evan Harris, COO and Co-Founder of Peppy

Achieving ISO 27001 certification

Our Assured Results Method guided Peppy through that process and helped them work through the rest of ISO 27001’s requirements. It creates a clear, easy-to-follow path all the way to ISO 27001 certification. In fact, every organisation that’s followed it all the way through has achieved ISO 27001 certification first time.

Like all our customers, they could chat to our support team or access help guides from within our platform. They also drew on our ISO 27001 experts, who helped them get the most out of features like our Risk Bank and Information Asset Inventory. And we were on hand with advice and support as they successfully achieved certification in August 2020.

“In our previous audit findings, our auditors recommended the system, saying it was a good option.”

Elliott Miller, ISMS project lead, Peppy

What’s next for Peppy

Since achieving ISO 27001 certification, Peppy have gone from strength to strength. Clients they’ve signed in the past six months alone include Aviva, Edelman, Clifford Chance, Vitality and Wickes.

“Being ISO 27001 certified isn’t the only reason organisations choose to work with Peppy, but it doesn’t hurt.”

Evan Harris, COO and Co-Founder of Peppy

Peppy have signed up with us for the next three years, taking the team all the way through to their first ISO 27001 re-certification. They’re also using our platform to manage their GDPR, Cyber Essentials and ISO 13485 compliance. ISO 13485 is particularly useful for them, because it shows medical service providers how to make sure they’re following all the right regulations.

And of course, looking after their compliances all in one place makes for management system simplicity, security and sustainability. Which is what is all about.

“I love the platform, I don’t know what we’d have done without it.”

Elliott Miller, ISMS project lead, Peppy Health

Everyone we helped go for an ISO 27001 audit passed first time. You could too.