DigitalRoute implemented NorthGRC and completed an ISO 27001 certification process in just 4 months. Today, the information security tool provides a simple overview for managing IT governance, risk, and continuous compliance.
DigitalRoute is a Swedish company and a leading global provider of Data Integration and Data Management solutions. They were in the process of implementing ISO 27001 with help from external consultants when, suddenly, the project seemed unmanageable: Word documents and Excel sheets accumulated, it wasn’t clear which tasks should be done and how, and the deadline began to slip.
So, Irene Lundin, who is Compliance and Special Projects Manager at DigitalRoute, decided to change course. She found NorthGRC and their ISMS and met with the local consultant.
- When he showed me the templates and the solution, I thought: Now I understand the requirements for ISO 27001! And this tool could help us.
DigitalRoute implemented the ISMS in August 2018, and by December 2018, they were ISO 27001 certified.
- I can honestly say that we could never have done it this fast without NorthGRC and their ISMS. And on top of that, everybody in the organisation got involved in the process. Even our CEO. That was really great.
Today, DigitalRoute uses Secure ISMS to handle and maintain all policies and rules related to information security. The tangible visibility of working with a tool like Secure ISMS makes it easier for Irene Lundin to receive the support she needs from everybody in the organisation. And this is also useful when she discusses risk management and other security topics with the individual system owners.
- The system owners can better understand why some systems are business critical and why others are not. Previously, they focused more on their own responsibilities and roles. Now we all see our information security in a bigger picture.
Irene Lundin also uses Secure ISMS in the onboarding process. The solution automatically sends an email to all new employees requesting that they read the company’s security policies and rules. The employees must check a box confirming that they have read the information security policy and the information security rules before they can proceed in the process.
During the ISO 27001 audit, the external auditor was very pleased with what he saw in Secure ISMS. I showed him, in the solution, that all employees have read our security policy and rules. He could see how we manage our rules and the general control points we use to comply with ISO 27001.
- Our next audit is in October 2019. So, until then, we continue to work on improvements, the auditor can see everything, and we can agree on where we need to improve further. Information security becomes very transparent with Secure ISMS – for both internal and external purposes, says Irene Lundin and finishes:
- If I were to help another company become ISO 27001 certified, I would definitely use Secure ISMS. Otherwise, I wouldn’t know how to do it. You can do a lot with Word and Excel, but I don’t think you can actually improve your information security without a system that handles the process. I have never seen a system like Secure ISMS that was so easy to use for that purpose.
Challenge:
Complete ISO 27001 certification in 4 months, obtain a deeper understanding of the whole process, and involve management.
Solution:
Implement NorthGRC and use its built-in templates to handle security policies.
Result:
Easy-to-use information security tool, transparent processes ready for external audits, and full support from system owners and management.