When it came to formalising its commitment to ISO 27001 with certification, Resolver Group chose to turn trust into certainty.

Resolver logo
Chris O’Byrne
CTO at Resolver Group

Resolver Group is the market leader in consumer complaint resolution. Its extensive insight into consumer complaint data and innovative services helps it to champion better outcomes for everyone. Resolver offers a unique, independent online resolution service free of charge. It provides one place and one process to connect consumers directly to people who can resolve their customer service issues. Providing this kind of service requires secure handling of large amounts of high value, personal data.

When Resolver got in touch with, it was with a singular objective: to achieve ISO 27001 certification to demonstrate the strongest possible commitment to information security to its customers, professional network and auditors. They’d gone through their Stage 1 audit, identifying a lot of improvement required. With just under six weeks to go to the Stage 2 audit, they sought out as the tool to help them manage and implement their Corrective Actions and Improvements.

Following an exceptionally successful ISO 27001 certification in May 2020, we spoke with Chris O’Byrne, Chief Technology Officer at Resolver Group to find out why he chose to deliver certainty within his organisation.

Resolver Group had passed their Stage 1 audit without So we asked Chris, “Why did you choose to implement ahead of Resolver’s Stage 2 audit?”

“The decision was one of the easiest I’ve ever made.”

“I was tasked with expediting the process to ISO 27001 certification, using the best system to achieve the highest possible standard. Our intention was never to treat this as a box-ticking exercise. We wanted Resolver to fully benefit from the new controls brought in with ISO 27001, and the first step I took was to engage to help us do this. I’d used previously, so the decision was one of the easiest I’ve ever made. The platform is so effective and easy to use; a brilliantly thought through set of tools, which holds your hand throughout the entire process.

“So much thought has gone into the structure and user experience. I love being able to easily share a bird’s eye view with the board and clients while, at the same time, being able to manage and collaborate on details with my stakeholders.

“The functionality is exact and holds the user to account with real audit logs that can’t be overridden. It’s clear continues to evolve, remaining a leader at what it does. Since I’d last used the system, new features and functionality have appeared. The easy knowledge sharing and employee policy sign-off tools save a lot of headaches!”

“I can’t imagine anybody using and ever being able to consider returning to the old days of trying to manage it all themselves through those massive folder structures that were once so popular.”
Chris O’Byrne, CTO at Resolver Group

In preparation for their ISO 27001 Stage 2 audit, Resolver sought the support of Simon Taylor, Information Security Expert.

“…incredibly approachable and knowledgeable…”

“We had a fairly aggressive deadline target. In order to achieve this, we engaged specific support from’s ISO 27001 specialist Simon Taylor. Having an expert on-site with us to help and provide advice towards the end of the project made a huge difference.

“Unlike many operators in the InfoSec/Policies world, the support team are incredibly approachable and knowledgeable, getting straight to the point with clear answers. This is a sign of true experts – in the field of information security, compliance and business continuity management, but also in customer service.”
 Chris O’Byrne, CTO at Resolver Group

“When I began working with Resolver, they didn’t have much time to prepare for their Stage 2 audit. They had already implemented numerous improvements in line with the auditor’s recommendations and findings from their Stage 1 audit, so although there was a lot of work to do, they were in a good position.

“We followed the Assured Results Method, starting with a review of the core requirements in clauses 4, 5, and 6. We were able to quickly move on to a review of their information asset inventory, risk register, and risk treatment plan, enabling us to validate the controls in place for mitigating identified risks. While conducting these reviews across the management system requirements prior to the Stage 2 audit, I was also able to document the findings as an internal audit and fulfil another requirement of the standard.”
Simon Taylor, MSc M.Inst.ISP M.IoD M.Inst.LM

See how simple it is with