Nouveau Solutions provides a range of managed IT support services, including: infrastructure, networks, cloud services, software development and IT security.
Already mired in excessive documentation, Nouveau realised that they were travelling the wrong path to ISO 27001 certification, and QFactorial were called in, initially to advise and then to create a new roadmap and a simpler Information Security Management System (ISMS).
nonconformities; 80% less paperwork
QFactorial Service Offering
This was a classic case of applying our signature approach: Collaborate, Integrate, Challenge, Improve. The project was re-booted with a comprehensive risk assessment from which we were able to decide on the necessary InfoSec controls. In many cases, existing controls and initiatives were already robust enough to embody in the ISMS, including elements of the company's ISO 9001 and Cyber Essentials approvals. In other cases, controls were developed or enhanced. The resulting ISMS Manual and policies amounted to an 80% reduction in documentation.
The problem with templates for management systems is that they try to cover every clause, every detail, every eventuality. This leads everybody, especially small businesses, into the trap of over-documentation. It’s better to build a management system from the ground up rather than imposing a grand design from the top down. Start with reality and you’ve at least a chance of finishing there.
ISO 27001 certification was awarded exactly on schedule, with zero nonconformities. Since then, we have supported Nouveau with a quarterly assurance programme and change management as the business has grown and become part of the Vinci Energies Group. Our contribution was noted by the BU Director after the acquisition: “The practices that we have put in place have improved the way we run the organization. We are having risk conversations now that we wouldn’t have had 3 years ago.” On the occasion of re-certification, the external auditor commented: “This is a really good system. The KPI dashboard and ISMS performance evaluation process is one of the best I’ve seen, with full spectrum consideration of all relevant aspects.”
Our ISO 27001 programme had ground to a halt after trying to follow a complex “one size fits all” template without any real expertise in information security management systems. We needed a simpler approach, focused on the important aspects for our type and size of business.
QFactorial worked with us stage by stage, establishing a simple roadmap that our people could understand. They managed the development, implementation and audit processes, engaging the staff without imposing too much on too many at any one time.
We passed the audit and achieved ISO 27001 on-time, with a usable system, supporting the business and supporting GDPR. We now use this achievement to provide assurance to our customers that we have robust information security systems in place.