“ISO 27001 has given us a framework to work around, so all the policies we have developed now come from the standard. They give everyone a clear understanding that this is what you can do, this is what you can’t do, and this is best practice.”
Gary MacLeod, Marketing Representative
Lanier are a managed IT Support Provider, primarily providing professional IT services to the healthcare, charity, education and private business sectors. They strive to be a single point of contact for all IT needs.
• Now meet information security requirements of their clients
• Formalised processes, proving commitment to data security
• The toolkit helped to understand what the standard meant for them
• Due to success of ISO 27001, are now also working towards ISO 9001
“There’s so much concern around information security now, so people are looking for assurance from their provider that what they do is secure and that their business is protected. It’s no longer enough to say “we are secure”, people want proof.”
THE CHALLENGE
Gary MacLeod, Lanier’s Marketing Representative, took on the role of implementing the Information Security Management Standard. He explained why the internationally recognised standard was imperative to the business’ ongoing success;
“There’s so much concern around information security now, so people are looking for assurance from their provider that what they do is secure and that their business is protected. It’s no longer enough to say “we are secure”, people want proof.”
Meeting expectations and requirements of clients is crucial to Lanier;
“The main reason why we went for ISO 27001 was because a lot of our clients are NHS based or affiliated. The NHS are really focussing on information security – it’s one of their number one concerns at the moment.”
THE SOLUTION
Once Lanier established the need for ISO 27001, they had to choose an appropriate ISO 27001 consulting service to work with to obtain their certification;
“A key factor when looking for an ISO consulting service was that they were accredited – which ISMS ALLIANCE are! Trying to understand how the whole system tied together was a bit confusing for us at first, but the way they explained it was easy to understand – this was another main reason behind choosing ISO 27001 Solutions.”
Gary explained that having robust processes and a framework to benchmark the business against would be a great outcome of implementing ISO 27001, helping to develop the organisation;
“It’s about putting everyone on the same page and allowing us to have a framework against which we can track how people are performing. ISO 27001 has given us a framework to work around, so all of our policies we have developed now come from the standard. They give everyone a clear understanding that this is what you can do, this is what you can’t do, and this is best practice.”
THE RESULTS
Lanier were awarded certification just one month after their Stage 1 Audit;
“The process of implementing ISO 27001 was much easier than we expected, and as a result
of having the management system we feel we are much better off as a company.”
Gary commented on how implementing the Information Security Management Standard has benefitted the business;
“Internally it’s enabled us to formalise our processes. We’re an IT company, so we take information security very seriously – but previously a lot of what we were doing wasn’t as formalised as it could have been.”
He continued by outlining how ISO 27001 is now used to develop their existing staff to ensure they all operate at the same level. It also plays a big part in the recruitment and staff training processes;
“We’re getting better and better at what we do. It’s allowed us to improve the way we train and develop our staff.”
Following the successful implementation of the standard, Lanier are now working towards certification to ISO 9001, the Quality Management Standard;
“We have achieved ISO 27001 and are on the way to becoming ISO 9001 certified now too.”