CASE STUDY

Tech firm improves its existing ISO 27001 ISMS and achieves external audit success in just weeks


 

Customer profile

FISCAL Technologies is the leading provider of forensic solutions that empower purchase-to-pay teams across the globe to protect organisational spend.

Incorporating unique technology to reduce risk in the supply chain, FISCAL solutions are used on a continuous, preventative basis to protect supplier spend, defend against fraud, increase profitability and drive process improvement.

Since 2003, FISCAL has safeguarded hundreds of millions of payments and is now relied on by over 250 leading organisations.

 

FISCAL approached ISMS.online to help them improve their information security management systems and prepare to expand their ISMS to incorporate other compliance regimes.

FISCAL were already running a mature and successful UKAS accredited ISO 27001 ISMS. They were one month away from an annual audit and were keen to demonstrate improvement over the previous year.

The initial search was for a risk management tool that could take them beyond their more manual approach. They needed it to support their methodology across both existing standards and the new compliance regimes they were targeting.

After seeing ISMS.online in action, it soon became apparent to Chief Technology Officer Howard Durdle that using the platform’s full functionality could give him a fully integrated, end-to-end solution for managing his entire ISMS.

"I immediately saw how ISMS.online could reduce management time, not just through easy and effective risk management but by linking the whole ISMS in one place. As our team continues to grow it’s essential for us to be able to retain visibility and control, and ISMS.online makes that really easy.  We are looking at adopting other standards to support business growth and so it was a big plus knowing I could do them all in ISMS.online, linking with our ISO 27001 to reduce any need for duplication."
 
 

Within one month of starting, FISCAL had transferred their ISO 27001 into their ISMS.online platform and passed an external audit with no non-conformities.

 
 
Our audit was a great success; we improved on our previous performance and the auditor observed that our ISMS was really easy to follow using linked references throughout the system. We definitely attribute part of our success to ISMS.online and look forward to building on our ISMS in the months to come.
 

 

The challenges

FISCAL were already managing a mature ISO 27001 ISMS.

Risk management was being handled within a small team and, like many organisations, they used Excel as their only tool. This was identified as an area for improvement as the company continued to grow and needed more active involvement from other departments.

It was clear they needed a tight process for assigning risk owners in different offices and to easily and effectively manage workflows around treatment. Ensuring they met review dates and targets was key.

In addition, Howard had just begun to explore SSAE 16 as a requirement for their US office. He was keen to ensure his risk methodology would encompass that framework to eliminate any need for duplication.

Then there was the management of policies and controls being handled in Sharepoint.

“Sharepoint’s version control was adequate in the early days with just one or two of us working on the ISMS. However, as we’ve grown we became frustrated with its limitations when it came to collaborating around policies, evidencing our thought processes and managing approvals.”
 

 

How ISMS.online helped

ISMS.online was a perfect match for FISCAL’s goal of improving the treatment of risk across two offices and multiple staff.

We demonstrated that risks were easy and fast to evaluate using a robust methodology and that, importantly, they could be assigned to risk owners who would be alerted on due and review dates. Workflows could be captured to evidence treatment and a full audit trail created.

Howard particularly liked the visibility this gave him to ensure the ISMS stayed on track and they didn’t miss targets.

 
 

FISCAL are now also using the platform for their policies and controls management, audits, management reviews, and for managing corrective actions and improvements.

“Being able to contain all our ISMS work in one environment where we can seamlessly link within it, collaborate around it, control, measure and improve performance is a huge time saver.”
 
Integrated ISMS
 

Howard also gained unexpected benefits from being able to access our own accredited policies and controls.

“It was a simple process to transfer our existing policies and controls to the platform and we were able to review those included within the software as we did it. ISMS.online allowed our management team to compare and debate the pros and cons of two sets of policies and, in certain areas, we liked the way ISMS.online approached the standard so much that we decided to adopt their methodology as a way of improving our processes and controls”
“In addition we’ve ‘future-proofed’ our ISMS. When we come to add other compliance regimes such as Cyber Essentials and PSN CoCo, the frameworks are already there and there will be no duplication or repetition across standards.” 
 

 

The Results

FISCAL are only a month into using ISMS.online. Already they have transferred their ISO 27001 and ISMS Board to the platform, and had an external audit that improved on past performance.

Having easily mastered ISO 27001 within the system, adding future compliance frameworks will be no problem.

Howard and his team are already seeing the benefits of improved ways of working that make managing their ISMS easier and more effective.

 
 
We are delighted and our auditor was impressed. We are looking forward to rolling ISMS.online out to all staff as our next step to improving engagement and effectively managing compliance.