Tech firm improves its existing ISO 27001 ISMS and achieves external audit success in just weeks

The Challenge

FISCAL were already managing a mature ISO 27001 ISMS.

Risk management was being handled within a small team and, like many organisations, they used Excel as their only tool. This was identified as an area for improvement as the company continued to grow and needed more active involvement from other departments.

It was clear they needed a tight process for assigning risk owners in different offices and for managing workflows around treatment easily and effectively. Ensuring they met review dates and targets was key.

In addition, Howard had just begun to explore SSAE 16 as a requirement for their US office. He was keen to ensure his risk methodology would encompass that framework to eliminate any need for duplication.

Then there was the management of policies and controls being handled in SharePoint. Howard Durdle, Chief Technology Officer, explained:

“SharePoint’s version control was adequate in the early days with just one or two of us working on the ISMS. However, as we’ve grown we became frustrated with its limitations when it came to collaborating around policies, evidencing our thought processes and managing approvals.”

The Solution was a perfect match for FISCAL’s goal of improving the treatment of risk across two offices and multiple staff.

We demonstrated that risks were easy and fast to evaluate using a robust methodology and that, importantly, they could be assigned to risk owners who would be alerted on due and review dates. Workflows could be captured to evidence treatment and a full audit trail created.

Howard Durdle, Chief Technology Officer, particularly liked the visibility this gave him to ensure the ISMS stayed on track and they didn’t miss targets.

Within one month of starting, FISCAL had transferred their ISO 27001 into their platform and passed an external audit with no non-conformities.

Our audit was a great success; we improved on our previous performance and the auditor observed that our ISMS was really easy to follow using linked references throughout the system. We definitely attribute part of our success to and look forward to building on our ISMS in the months to come.

Howard Durdle

Chief Technology Officer, Fiscal Technologies

Customer profile

FISCAL Technologies is the leading provider of forensic solutions that empower purchase-to-pay teams across the globe to protect organisational spend.

Incorporating unique technology to reduce risk in the supply chain, FISCAL solutions are used on a continuous, preventative basis to protect supplier spend, defend against fraud, increase profitability and drive process improvement.

Since 2003, FISCAL has safeguarded hundreds of millions of payments and is now relied on by over 250 leading organisations.

The journey

FISCAL approached to help them improve their information security management systems and prepare to expand their ISMS to incorporate other compliance regimes.

FISCAL were already running a mature and successful UKAS accredited ISO 27001 ISMS. They were one month away from an annual audit and were keen to demonstrate improvement over the previous year.

The initial search was for a risk management tool that could take them beyond their more manual approach. They needed it to support their methodology across both existing standards and the new compliance regimes they were targeting.

After seeing in action, it soon became apparent to Chief Technology Officer Howard Durdle that using the platform’s full functionality could give him a fully integrated, end-to-end solution for managing his entire ISMS.

FISCAL are now also using the platform for their policies and controls management, audits, management reviews, and for managing corrective actions and improvements.

I immediately saw how could reduce management time, not just through easy and effective risk management but by linking the whole ISMS in one place. As our team continues to grow it’s essential for us to be able to retain visibility and control, and makes that really easy. We are looking at adopting other standards to support business growth and so it was a big plus knowing I could do them all in, linking with our ISO 27001 to reduce any need for duplication.

Being able to contain all our ISMS work in one environment where we can seamlessly link within it, collaborate around it, control, measure and improve performance is a huge time saver.


Howard Durdle

Chief Technology Officer, Fiscal Technologies

Howard also gained unexpected benefits from being able to access our own accredited policies and controls…

It was a simple process to transfer our existing policies and controls to the platform and we were able to review those included within the software as we did it. allowed our management team to compare and debate the pros and cons of two sets of policies and, in certain areas, we liked the way approached the standard so much that we decided to adopt their methodology as a way of improving our processes and controls.

In addition we’ve ‘future-proofed’ our ISMS. When we come to add other compliance regimes such as Cyber Essentials and PSN CoCo, the frameworks are already there and there will be no duplication or repetition across standards.

Recognise the benefits of ISO 27001

If you, like Fiscal Technologies, recognise the benefits of ISO 27001, discover how can simplify your implementation and give you a cost-effective tool for the ongoing management of your ISMS.