What was the Challenge for Oldfield Partners?
- OP already held ISO 27001 certification yet felt improvements were needed to ensure the ISMS was effective in achieving its information security objectives.
- Multiple documents, spreadsheets and work processes in various different applications were negatively affecting productivity in terms of both the ISMS and the ‘day job’.
- There was an audit fast approaching where OP was keen to demonstrate improvement.
Oldfield Partners had held ISO 27001 certification for 2 years but recognised they could be doing more to ensure the ISMS delivered on its key goal of risk reduction. However, the manual documentation and processes were making it difficult to review, update and measure effectiveness and, on top of that, were negatively impacting on team productivity too. It was clear that they needed a different approach,
Andy commented, “In busy teams with other priorities you need technology to help you achieve your goals quickly, and with minimal management input, otherwise, as we were experiencing, you lose visibility and things can potentially slip. We were finding it hard to maintain our ISMS and demonstrate that it was doing its job in terms of meeting our objectives. This makes it difficult to give auditors the confidence that you are on top of things and we knew we had some non-conformities to address in those management processes before the next audit which was looming large on the horizon.”
The ISMS.online Solution
Andy recognised ISMS.online as an ‘“accelerator”’ to the improvements that were needed,
“We wanted to drive improvements and fast. The ISMS.online solution gave us structure, purpose built workspaces, and tools that enabled us to get our ISMS quickly performing the way we wanted it to. We didn’t have dedicated ISO 27001 experts in-house so the Virtual Coach service also helped us align to what the standard required.”
OP found it straightforward to migrate their ISMS to ISMS.online and were able to adopt many of the tools straight out of the box,
“The pragmatic approaches and tools were a huge bonus but we also loved the flexibility to easily adapt them to the way we wanted to work, with the guidance in the Virtual Coach package helping us address the areas that weren’t working for us in our existing ISMS.
Our ISO 27001 confidence levels had been fairly low so we found it really useful to not only have a technology solution and guidance, but also the comfort of a low cost support service we could fall back on to sanity check that we were taking the right approach.”
OP sailed through their audit process with the auditor commenting on how easy it was to visualise the ISMS, and the detail of the policies & controls, within an easily accessible environment. Andy commented,
“The auditor was pleased to see the improvement in integration of the ISMS into wider business processes rather than simply delivering Information Security in a silo. The linking between the risks and controls were easy to follow and he was also impressed with the cross-linking of controls that demonstrated to him a ‘defence-in-depth’ approach with very few controls operating in isolation.
We now have confidence in our ISMS and that it is working the way we want it to work, enabling business rather than hindering it.”
OP have continued to drive value from the platform with other use cases, including managing legislation such as GDPR but, also, helping them to organise other related projects.
“We’ve been so pleased with how ISMS.online has helped ISMS productivity that we are continuing to look at how the platform can be used to drive improvements in other business areas, such as Environmental, Social & Governance requirements, too.”
OP chose to add-on some expert support from ISMS.online,
“With the time pressures we were experiencing, the added support helped us to focus and streamline effort to particular areas of concern, quickly delivering tangible improvements. That, in turn, gave us added confidence in our ISMS and enabled an easier conversation with the auditor when that time came.”
By bringing the complete ISMS into one structured and secure online platform where all the relevant stakeholders can work together with full visibility, reporting, alerts and reminders, OP has also improved on productivity,
“We no longer waste time on unnecessary admin or have any worries about how or where to manage ISMS work processes. Everything we do is easily demonstrated in ISMS.online and this means we are now highly focused on the performance and results of our ISMS rather than on how to manage it.”
Oldfield Partners LLP (“OP”), is a boutique fund management firm. The firm manages around US$4 billion for a global client base that includes endowment funds, pension funds, charities, family offices and high net worth individuals.
The firm manages five types of equity portfolios: global (including global ex-US), global equity income, global smaller companies, Japanese and emerging markets.
OP manages equity portfolios with a distinctive approach: a limited number of holdings, long-only, no leverage, value-focussed, diversified, index-ignorant and suspicious of short-termism.