Helping iProov improve their ISMS for easier maintenance and recertification

The Challenge

In order to win the trust of that significant customer base, iProov had to achieve independent certification against ISO 27001. The organisation also follows numerous other security standards and regulations to meet the domestic and international requirements of the markets it operates in.

iProov was starting to prepare for their third-year recertification against ISO 27001 and wanted to make some improvements to the ISMS. They also wanted to move away from the spreadsheets and documents to a more suitable software solution that would scale as they continue to grow. That solution needed to save time, be easy to use, and reduce human intervention and the associated costs of compliance management.

“We recognised that improvements were needed across all areas of our ISMS. We wanted to create a business-integrated and driven information security culture, so we reviewed all of our processes and updated our documentation. We wanted to live and breathe our ISMS.”

Dominic Forrest Chief Technology Officer, iProov

The Solution

iProov and ISMS.online were both recognised by Tech Nation as one of the UK’s top 20 exceptional cyber security companies in 2019. Andrew was aware that other Tech Nation businesses were using ISMS.online. He listened to their feedback and requested a demonstration of the platform. Following this, Andrew, and his CTO Dominic Forrest, were in no doubt ISMS.online was the technology solution they needed for their ongoing ISMS success.

The recertification and improvement became challenging when their key ISMS lead implementer was taken unwell at a crucial point. Fortunately, the ISMS.online team were able to provide a physical service aiming to close their capacity gap through the help of Simon Taylor, Information Security Expert. Simon helped iProov achieve migration and improvement goals inside the fast approaching recertification deadline.

“We passed our 4 day recertification audit with no findings, despite the sudden extended absence for illness of our Chief Compliance Manager. ISMS.online stepped in and not only provided the software service we needed, but also helped us to migrate our ISMS, audit parts of the system, and make improvements all in just 2 weeks with one of their information security experts helping close our capacity gap.”

Andrew Bud Chief Executive Officer, iProov

Following surveillance audit feedback iProov had been gradually improving their ISO 27001 documentation but they were struggling to live and breathe the ISMS.

“ISMS.online has helped us communicate with staff around policy changes. All our employees now know where to find company processes, and during our audit we were able to use Policy Packs to evidence that staff had read our policies and controls.”

Dominic Forrest Chief Technology Officer, iProov

Within an extremely compressed timeframe, ISMS.online enabled iProov to collate all of their existing policies and processes into an “all-in-one-place” ISMS whilst in parallel reviewing all of their controls and making prioritised improvements. This included a thorough re-examination of their information asset inventory and information security risks to provide clear justification and prioritisation for those improvements.

The Result

In just 13 days iProov migrated all of the ISO 27001 documentation into ISMS.online, they evidenced their processes, and completed an internal audit.

“The flexibility of the platform allowed us to migrate our existing policies and controls quickly and easily.”

Dominic Forrest Chief Technology Officer, iProov

Dominic added: “Working with Simon was fantastic; he’s pragmatic, knowledgeable and his ‘can-do’ attitude accelerated the recertification process. As a result, we were able to achieve certification in weeks as opposed to months.”

The certification auditor commented that ISMS.online gave iProov a simple, yet comprehensive presentation of documentation and evidence. The use of ISMS.online made the audit easier to conduct and gave real assurance that information security was being managed effectively.

“The iProov team was extremely focused during the migration, which when combined with the help of ISMS.online resulted in them not only achieving recertification, but they also demonstrated a significant improvement in the overarching ISMS management.”

Simon Taylor Information Security Expert

What’s Next?

iProov are already proving ISMS.online is more than an information management platform.

“We’ve started using the platform in ways that we hadn’t envisaged and it’s already adding value in more areas than our ISMS. We’re in the process of moving all of our Human Resource administration into Tracks. We’re looking forward to using ISMS.online for more than Information Security Management.”

Dominic Forrest Chief Technology Officer, iProov

We will continue to work with iProov to improve their business processes and the ongoing management of their ISMS. If you would like to talk to us about how we can help your business then book a demo today.