Following a very successful UKAS ISO 27001 recertification exercise, we spoke to iProov to find out how their recertification went and why they chose ISMS.online.

Andrew Bud
Founder and CEO

What is iProov?

iProov creates digital trust with biometric authentication. The success of its patented Flashmark technology has resulted in a number of major global banks, including ING and Rabobank, adopting iProov’s systems for online logon, step-up authentication, and remote identity verification. iProov is also working with Government organisations including the US Department of Homeland Security and the UK Government.

iProov’s world-leading face authentication process ensures that online users are genuinely present in uncontrolled environments, combining face biometrics and anti-spoofing. Its unique approach to spoof prevention, world-class deep learning technologies and focus on sustainable security have given them an unrivalled global reputation.

Why did iProov undertake ISO 27001 in the first place?

In order to win the trust of that significant customer base, iProov had to achieve independent certification against ISO 27001. The organisation also follows numerous other security standards and regulations to meet the domestic and international requirements of the markets it operates in.

Why did iProov select ISMS.online to improve its information security management system and aid the recertification work?

iProov was starting to prepare for their third-year recertification against ISO 27001 and wanted to make some improvements to the ISMS. They also wanted to move away from the spreadsheets and documents to a more suitable software solution that would scale as they continue to grow. That solution needed to save time, reduce human intervention and the associated costs of compliance management, and be easy to use now, as well as in future as the business grows.

iProov and ISMS.online were each chosen as one of the UK’s top 20 exceptional cyber security companies in 2019. As such, Andrew Bud CBE FIET, Founder & CEO of iProov, and Mark Darby, Founder & CEO of ISMS.online, met on the coveted programme. Andrew was aware that other Tech Nation businesses were using ISMS.online. He listened to their feedback and requested a demonstration of ISMS.online. Following this, Andrew and his CTO, Dominic Forrest, were in no doubt that ISMS.online was the technology solution they needed for their ongoing ISMS success.

The recertification and improvement work became challenging when their key ISMS lead implementer was taken unwell at a crucial point. Fortunately, the ISMS.online team were able to provide a physical service wrap in the form of lead Information Security Expert, Simon Taylor. He helped iProov achieve their migration and improvement goals inside the fast-approaching recertification deadline.

“The Tech Nation organisations are aiming to become leaders in their field. They, like others, recognise the growing importance of ISO 27001 for customer trust and investor confidence. We’d already helped a number of our cohort with their ISMS goals and were delighted to step up and help iProov achieve their recertification goals at short notice too.”

Following his experience with ISMS.online, Andrew Bud said, “We passed our 4-day recertification audit with no findings, despite the sudden extended absence for illness of our Chief Compliance Manager. ISMS.online stepped in and not only provided the software service we needed, but also helped us to migrate our ISMS, audit parts of the system, and make improvements all in just 2 weeks with one of their information security experts helping close our capacity gap.”

How did iProov approach InfoSec before using ISMS.online?

iProov were managing their ISMS in Word documents and spreadsheets. Whilst that can work for a very basic set of policies, managing ISO 27001 and then other standards this way is unreliable. Using documents and cloud storage is an all too familiar story, which often leads to organisations falling out of sync with their documented policies and controls.

In this case, iProov was already ISO 27001 certified. Although they needed to prepare for recertification, they also wanted to take the opportunity to update their policies and controls to create a new information security culture.

“We recognised that improvements were needed across all areas of our ISMS. We wanted to create a business-integrated and driven information security culture, so we reviewed all of our processes and updated our documentation. We wanted to live and breathe our ISMS.”

Andrew Bud CBE FIET, Founder and CEO

What challenges did iProov have, what was your driver and how did ISMS.online meet your needs?

Following surveillance audit feedback, iProov had been gradually improving their ISO 27001 documentation, but they were struggling to live and breathe the ISMS.

“ISMS.online has helped us communicate with staff around policy changes. All our employees now know where to find company processes, and during our audit we were able to use Policy Packs to evidence that staff had read our policies and controls.”

Dominic Forrest, CTO at iProov

As part of their migration into ISMS.online they reviewed all of their policies and controls, their Information Asset Inventory and their Risk Register. Instead of importing their data into ISMS.online, they took advantage of the opportunity to assess all aspects of their ISMS.

Along with the support of Simon Taylor, Information Security Expert, the ISMS Board at iProov reviewed their policies and controls to ensure that they were doing what they said they were doing. They also completed a new risk discovery exercise and redid their information asset inventory to ensure they were living and breathing their ISMS.

“Within an extremely compressed timeframe, ISMS.online enabled iProov to collate all of their existing policies and processes into an ‘all-in-one-place’ ISMS whilst in parallel reviewing all of their controls and making prioritised improvements. This included a thorough re-examination of their information asset inventory and information security risks to provide clear justification and prioritisation for those improvements.”

Simon Taylor, Information Security Expert

Their team had a lot to do and only a short space of time to do it in. ISMS.online helped them work through their policies and controls at a fast pace ensuring completeness throughout.

“We felt like we had the best of both worlds. We were able to use our existing processes, and the Adopt, Adapt content that comes with ISMS.online as standard which gave us a new depth to our ISMS.”

Dominic Forrest, CTO at iProov

The external auditor from Certification Europe was impressed with the migration to ISMS.online and said it addressed all the areas of improvement exceptionally well.

How quickly did ISMS.online contribute to your ISO 27001 recertification success?

In just 13 days, iProov migrated all of the ISO 27001 documentation into ISMS.online, evidenced their processes, and completed an internal audit.

“The flexibility of the platform allowed us to migrate our existing policies and controls quickly and easily. Working with Simon was fantastic; he’s pragmatic, knowledgeable and his ‘can-do’ attitude accelerated the recertification process. As a result, we were able to achieve certification in weeks as opposed to months.”

Dominic Forrest, CTO at iProov

“The iProov team was extremely focused during the migration, which when combined with the help of ISMS.online resulted in them not only achieving recertification, but they also demonstrated a significant improvement in the overarching ISMS management.

The certification auditor commented that ISMS.online gave iProov a simple, yet comprehensive presentation of documentation and evidence. The use of ISMS.online made the audit easier to conduct and gave real assurance that information security was being managed effectively.”

Simon Taylor, Information Security Expert

iProov are already proving ISMS.online is more than an information management platform.

“We’ve started using the platform in ways that we hadn’t envisaged and it’s already adding value in more areas than our ISMS. We’re in the process of moving all of our Human Resource administration into Tracks. We’re looking forward to using ISMS.online for more than Information Security Management.”

Dominic Forrest, CTO at iProov

We will continue to work with iProov to improve their business processes and the ongoing management of their ISMS.
