Case Study with MET

MET achieves ISO 27001 and creates new service with

METcloud logo

The Challenge for MET

MET made the decision in 2017 to implement and achieve ISO 27001 certification…

Many of its customers are regulated, including financial houses and banks. So offering information security assurances with a UKAS accredited ISO 27001 certification was becoming more important especially with GDPR imminent and increasing cybercrime.

MET knew the certification would give it a competitive edge and also help to secure existing business too. The executive team were wholeheartedly committed to the process and were clear that this would need a business-led approach. They wanted to formalise and improve their already robust security practices, rather than have a theoretical ISMS dictating how they should run their business.

The remit was for a flexible solution that would help accelerate their certification and would also allow their ISMS approach to enable new growth too. Ideally, they wanted a solution they could also offer to clients as well, one that was easy to follow given how hard ISO 27001 can be for organisations to achieve and maintain.

The Solution

Carl Vaughan joined the organisation in November 2017 as InfoSec Lead. Having implemented and managed ISO 27001 “the hard-way”in previous organisations he was happy to discover helped them build the ISMS they wanted.

“Old fashioned approaches to the ISMS typically mean ‘dry’ spreadsheets that make it difficult to relate to how the ISMS operates and performs as a whole. Typically the ISMS falls down on meeting its information security objectives due to the complexity of capturing evidence, managing documentation and meaningful reviews. It’s the quickest way to fall foul of the auditors in your annual surveillance visits.

We love the fact that we now have interactive tools where we can visualise risks and their impact. The powerful linking in also makes it quick and simple to keep the Statement of Applicability up-to-date, and clearly demonstrates why the controls are needed, which information assets you are protecting and against what. It makes prioritising risk treatment and actions much simpler.”

The Journey

MET now have their ISO 27001 certification and have also been busy helping clients with their information security management systems too.

“As an MSP, our clients use MET where resourcing is an issue. They are buying our expertise and the ISO 27001 certification further demonstrates we can be trusted.

Adding to our customer toolkit means we can also work with our customers on their information security and GDPR requirements really simply and cost-effectively online. It reduces travel and meeting time and, most importantly, means we can focus on the technical expertise for their ISMS rather than building and configuring systems for managing it.”

It’s a win-win for MET and its clients.

“Our customers get the very best ISMS that will keep their business secure, and we are able to expertly guide and assist even more organisations in improving their cybersecurity, managing change, and helping them achieve and maintain security certifications and GDPR compliance.”

We think it’s a win-win-win. has an excellent partner who can add value to its solution and make it even more accessible to organisations who take their information security management seriously.

And it wasn’t just MET who was impressed,

“Our auditor really complimented us on the pragmatic way we were managing our ISMS. She applauded how the platform made complicated processes manageable. It was one of the factors that led to us passing our certification audit with zero non-conformities, not even a single observation!”.

MET also decided to build their Business Continuity Plan in and built an ISO 22301 framework in their platform.

“Our disaster recovery plan used to be paper-based but we set about aligning it to ISO 22301 and built a framework for it in It makes perfect sense to manage all of our information security, data protection and compliance work all in one secure online platform. It’s now easy to access and we have reduced the inevitable duplication across standards and regulations, such as GDPR, simply by linking relevant requirements back to our master ISO 27001 environment.”

Customer Profile

MET Ltd is a well respected Managed Service Provider and Cyber Security expert based in Birmingham City Centre, UK. It has a strong focus on Cyber Security, IT infrastructure, technology change management and digital transformations.

The culture at MET is based on innovation and for almost 20 years, they have been among the earliest adopters for many new technologies such as the METCloud. This has established them as an expert IT partner for many household names.

MET’s solutions cover many areas and the efficiency of each one makes a positive difference to the day to day operations in a business. User productivity and business performance are driven by a secure, reliable and robust IT environment

“ is a fantastic product. I’ve done ISO 27001 the hard way in previous companies, so I really value how much time it saved us in achieving our UKAS ISO 27001 certification, and how much easier and more effective the ongoing management will be too.

In fact, we like it so much we’ve added it to the products we offer clients to complement our managed IT and security services”.

Carl Vaughan – Information Security Officer & Quality Manager at MET

“It is a credit to how seriously MET take information security management that it has achieved UKAS certification for ISO 27001 so quickly. With such great feedback from the UKAS auditor on their approach we are proud that is a key part of that.

MET has embraced and how it raises the bar in enabling organisations to visualise, report, review and continually improve the performance of their ISMS.

It is a great combination for organisations that want a complete solution of people and platform.“

Julia Heron – Solutions Specialist

Everyone we helped go for an ISO 27001 audit passed first time. You could too.