Nouveau Solutions provides a range of managed IT support services, including: infrastructure, networks, cloud services, software development and IT security.
Already mired in excessive documentation, Nouveau realised that they were travelling the wrong path to ISO 27001 certification and QFactorial were called in initially to advise, then to create a new roadmap and a simpler Information Security Management System (ISMS).
Zero nonconformities; 80% less paperwork
QFactorial Service Offering
This was a classic case of applying our signature approach: Collaborate, Integrate, Challenge, Improve. The project was re-booted with a comprehensive risk assessment from which we were able to decide on the necessary InfoSec controls. In many cases, existing controls and initiatives were already robust enough to embody in the ISMS, including elements of the company's ISO 9001 and Cyber Essentials approvals. In other cases, controls were developed or enhanced. The resulting ISMS Manual and policies amounted to an 80% reduction in documentation.
The problem with templates for management systems is that they try to cover every clause, every detail, every eventuality. This leads everybody, especially small businesses, into the trap of over-documentation. It’s better to build a management system from the ground up rather than imposing a grand design from the top down. Start with reality and you’ve at least a chance of finishing there.
ISO 27001 certification was awarded exactly on schedule, with zero nonconformities. Managing Director, Andy Stevens, summed up the impact of the new ISMS during a management review meeting: “Everybody is thinking differently now, and information security is part of every conversation”. The partnership is continuing via a series of quarterly “health checks” to ensure that the ISMS remains effective and is sustained long after the euphoria of passing the certification audit.
Our ISO 27001 programme had ground to a halt after trying to follow a complex “one size fits all” template without any real expertise in information security management systems. We needed a simpler approach, focused on the important aspects for our type and size of business.
QFactorial worked with us stage by stage, establishing a simple roadmap that our people could understand. They managed the development, implementation and audit processes, engaging the staff without imposing too much on too many at any one time.
We passed the audit and achieved ISO 27001 on time, with a usable system, supporting the business and supporting GDPR. We now use this achievement to provide assurance to our customers that we have robust information security systems in place.