Market Research Agency achieves UKAS accredited ISO 27001 by using ISMS.online after other approaches failed
BrainJuicer was founded in 1999 with one goal in mind: to reinvent market research. Clients seek them out when the traditional methodologies have failed them, to facilitate change within their organisations and to turn true human understanding into business advantage.
Now they employ 200 staff and have been voted the world's most innovative research agency. It is the only agency to have won ESOMAR's Best Methodology award two times in the last 24 years, plus numerous other awards for innovation, research excellence, and entrepreneurship.
Like most organisations BrainJuicer deals with confidential customer information. It made the decision to seek ISO 27001 certification based on increasing customer demands for independent assurance, alongside a desire internally to keep improving information security practices.
The organisation had an awareness of information security, but was new to the requirements of ISO 27001. It initially hired an expert on information security but that didn't lead to the results it had expected.
Having had that first experience, which cost a large amount of money as well as time, the firm were more purposeful second time around, undertaking extensive research on alternative solutions.
It found ISMS.online and achieved the goal. Emma Cooper, Director of BrainJuicer echoed her positive satisfaction by stating,
“The real proof is in the recent award of our UKAS accredited certification which we are really excited about. ISMS.online played a major part in this success...we just wish we’d found it sooner! I’m confident we will achieve our business goals from having it too.”
ISMS.online enables a whole system approach to the ISMS. It also offers a simple and versatile management method for almost any culture that is sustainable as the organisation continues to change and grow. Alex Batchelor is COO and he went on to say,
“Everything is on the platform - we don’t need to remember stuff or where it is, the platform has it all. Ongoing management is easy now including responding to the growing number of customer questionnaires on information security.”
ISMS.online quickly equipped Brainjuicer with everything they needed for success, and they met their goal.
BrainJuicer had already invested in an implementation yet it failed to deliver on the promise.
BrainJuicer had never sought any form of accreditation or certification before and was new to the whole ISO 27001 market. Like most organisations at this stage they ‘Googled’ it and were daunted by the seemingly enormous task ahead. Given their size and maturity, the staff already had day jobs to focus on so they took the decision to hire an information security officer. That was a big investment and, as they found out, not the recipe for success they had hoped for.
Leaving the implementation to one designated officer, with a completely different cultural experience and a different set of goals, made the process challenging for everyone involved. If you give someone a day job, they want to achieve it, but that needs real consideration in terms of impact on behaviour and existing working practices for those in scope of the ISMS.
Whilst BrainJuicer tried to create its own document repository for policies and controls, there was no way of easily engaging stakeholders for development and approval of the content. So they relied on meetings and emails with lots of documents flying around. There were endless meetings, development of policies and changes to processes that people didn’t really buy into or see how it would help them in practice.
When trying to work out how far they had got towards implementation, it was too hard to tell. As such the inability to actually see progress was also demotivating.
Soon, it became clear, they were losing interest and momentum. So they reacted to find an alternative solution.
How ISMS.online helped
ISMS.online is focused on equipping organisations with all the policies, tools and frameworks for success by using our powerful cloud software. However we start with asking about the organisation goals and existing ways of working to ensure our cloud platform is the right solution, and the policies & controls that get developed are fit for living their purpose.
In BrainJuicer we had the feeling that information security was the ‘tail wagging the business dog’ and that their ISMS was getting in the way of ‘business as usual’. We quickly addressed that to reinforce they should design their ISMS with their organisation goals and working practices in mind, not the other way round.
We then equipped them with the ISMS.online platform for a rapid gap analysis with much better visibility of their starting point and the road ahead. They had actual achieved something in that earlier implementation, and we quickly helped them see it.
One of the big things they enjoyed with ISMS.online during the initial implementation was that ability to see work going on. It also gave great insight to their gap analysis and where attention was needed. It helped them plan and deliver to their desired deadlines too. Emma Cooper took on the implementation lead role and she said,
"It was brilliant to see we were actually 47% complete with ISMS.online in no time at all. That gave us the enthusiasm and momentum to drive ahead".
The ISMS.online software also gave BrainJuicer structure to its policies & controls environment, and gave their management team the tools to collaborate around the ISMS. They were able to get much more focus and better results with the risk tool in ISMS.online. By providing everything in one place it offered transparency of progress to guide decisions and actions.
We asked Emma what BrainJuicer’s biggest success factor was 2nd time round….
“Having the right leadership in place to ensure that the way we wanted the ISMS to work was congruent with our culture and way of getting things done. It’s no good accepting a consultants generic policies, or hiring someone who comes from a completely different culture as it will simply not be embraced by your team. Worst case you lose your best performers because of the shackles you have implemented and it can kill your current business. Done well, ISO 27001 is a business enabler. We couldn’t have achieved it without ISMS.online. It gave us all the software tools and support to achieve success with the way we wanted to work.”