METCLOUD achieves ISO 27001 and creates new service with ISMS.online

The Challenge

Many of METCLOUD customers are regulated, including financial houses and banks. So offering information security assurances with a UKAS accredited ISO 27001 certification was becoming more important especially with GDPR imminent and increasing cybercrime.

METCLOUD knew the certification would give it a competitive edge and also help to secure existing business too. They wanted to formalise and improve their already robust security practices, rather than have a theoretical ISMS dictating how they should run their business.

The remit was for a flexible solution that would help accelerate their certification and would also allow their ISMS approach to enable new growth too. Ideally, they wanted a solution they could also offer to clients as well, one that was easy to follow given how hard ISO 27001 can be for organisations to achieve and maintain.

“Old fashioned approaches to the ISMS typically mean ‘dry’ spreadsheets that make it difficult to relate to how the ISMS operates and performs as a whole.”

Carl Vaughan Information Security Officer and Quality Manager, METCLOUD

Carl added: “Typically the ISMS falls down on meeting its information security objectives due to the complexity of capturing evidence, managing documentation and meaningful reviews. It’s the quickest way to fall foul of the auditors in your annual surveillance visits.”

The Solution

Having implemented and managed ISO 27001 the hard-way in previous organisations, METCLOUD’s InfoSec Lead, Carl Vaughan was happy to discover ISMS.online helped them build the ISMS they wanted.

“We love the fact that we now have interactive tools where we can visualise risks and their impact. The powerful linking in ISMS.online also makes it quick and simple to keep the Statement of Applicability up-to-date.”

Carl Vaughan Information Security Officer and Quality Manager, METCLOUD

Carl added: “It also clearly demonstrates why the controls are needed, which information assets you are protecting and against what. It makes prioritising risk treatment and actions much simpler.”

The Result

METCLOUD now have their ISO 27001 certification and have also been busy helping clients with their information security management systems too.

“ISMS.online is a fantastic product. We like it so much we’ve added it to the products we offer clients to complement our managed IT and security services.”

Carl Vaughan Information Security Officer and Quality Manager, METCLOUD

He added: “We think it’s a win-win-win. ISMS.online has an excellent partner who can add value to its solution and make it even more accessible to organisations who take their information security management seriously.”

It is a credit to how seriously METCLOUD take information security management that it has achieved UKAS certification for ISO 27001 so quickly with zero non-conformities and not even a single observation. We are proud that ISMS.online is a key part of making complicated processes manageable.

What’s Next?

METCLOUD also decided to build their Business Continuity Plan in ISMS.online and built an ISO 22301 framework in their platform.

“It makes perfect sense to manage all of our information security, data protection and compliance work all in one secure online platform. It’s now easy to access and we have reduced the inevitable duplication across standards and regulations, such as GDPR, simply by linking relevant requirements back to our master ISO 27001 environment.”

Carl Vaughan Information Security Officer and Quality Manager, METCLOUD

METCLOUD has embraced ISMS.online and how it raises the bar in enabling organisations to visualise, report, review and continually improve the performance of their ISMS.

If you would like to talk to us about becoming a Partner then take a look at our Partners section and get in touch with our expert team – we’ll be happy to help.