US-based Renalytix AI is an artificial intelligence-enabled in vitro diagnostics company. It focuses on optimizing clinical management of kidney disease to drive improved patient outcomes and lower healthcare costs.
That means it handles some very sensitive medical data.
“We need to prove to clients that we take information security seriously.”
That makes ISO 27001 certification a must-have for the company. As a truly global infosec standard, it’s a highly effective way of creating infosec certainty. But creating an ISO 27001-ready information security management system is a big challenge.
The standard’s written in a very open-ended way, so it can be hard for organisations to work out how to apply it to their unique structures and needs. And the certification process can be complex and time-consuming, with no guarantee of first-time success.
That was the challenge Renalytix AI’s infosec team faced. They’d already started developing their ISMS. But they weren’t confident that they’d fully understood the standard and its requirements. And they weren’t sure how to steer a clear path to first-time certification.
So they came to us.
“I would recommend ISMS.online for companies looking to start their ISO journey. The Virtual Coach, templates and guidance were very valuable to us.”
Why choose us?
Renalytix AI needed to work quickly and effectively towards full certification. And its infosec team wanted to make sure they really understood ISO 27001. So they started looking for an all-in-one-place ISMS solution with helpful content and flexible, expert support.
“Our internet research showed us that ISMS.online offered the best combination of out-of-the-box experience with general support and assistance.”
How we accelerated Renalytix to ISO 27001
Renalytix AI’s based in the US and we’re based in the UK, but that wasn’t a challenge. Our cloud-based SaaS solution is easily accessible from anywhere in the world. And we’ve made it as easy to use and helpful as possible.
- Renalytix AI signed up for our Virtual Coach, which offers 24/7, context-specific help and support
- Our Adopt / Adapt / Add content took the team 77% of the way to ISMS completion from their very first log-in
- Our Assured Results Method guided them all the way through ISMS implementation and certification to first-time ISO 27001 success
Our ISO 27001 and ISMS experts stood ready to help with the Renalytix AI team’s specific challenges. We began by carrying out an internal audit of their ISMS. That helped them:
- Simplify their approach to risk mapping and management
- Strengthen their ISMS’ language
- Avoid duplication of effort across their infosec policies and controls
Our senior consultant Simon Taylor documented his findings within their ISMS, showing the team how to manage their own future corrections. That’s a key guiding principle for us. As much as possible, our preloaded content and ongoing interventions both:
- Add value in their own right
- Show our customers how to solve the next problem for themselves
With Simon’s help, the team enjoyed a very successful Stage 1 external audit of their ISMS.
“The auditor was very impressed with the platform and how it all worked together. There were lots of “fantastic”, “wow”, “really good” type phrases used during the audit and the auditor had no hesitation to recommend progress to Stage 2.”
And he was by their side when they went through their second and final external ISO 27001 audit in March 2021. News that they’d achieved full certification arrived shortly afterwards.
Now it’s celebrated its ISO 27001 success, Renalytix AI is looking to:
- Maintain its current certification over its three-year lifecycle and beyond
- Consider expanding its ISMS to cover other standards or regulations
Because its infosec team built their ISMS on our platform, it’s already set up for all the internal and external maintenance audits the ISO 27001 standard requires. And because our platform’s so flexible, they’ll be able to reuse any relevant ISMS work to go for other standards or show compliance with other regulations.