
Enterprise Software Developer Earns ISO 27001 Certification

NAVEX
Analytics & Modeling - Real Time Analytics
Application Infrastructure & Middleware - Data Exchange & Integration
Software
Business Operation
Cybersecurity
Regulatory Compliance Monitoring
Software Design & Engineering Services
System Integration
The enterprise software developer, a small company with about 85 employees, set a goal to achieve ISO 27001 certification. This certification sets the standard for information security and requires a sustainable information security management system (ISMS) that can comply with all seven ISO 27001 categories. The company knew that using spreadsheets for compliance would not be sufficient due to the rigorous requirements of the certification. The Chief Technology Officer (CTO) was leading the project and needed a technology solution to build an ISMS capable of earning ISO certification.
The customer is a small enterprise software development company with about 85 employees. The company was seeking to achieve ISO 27001 certification, a globally recognized standard for information security. The certification would require the company to establish a sustainable information security management system (ISMS) that could comply with all seven ISO 27001 categories. The company's Chief Technology Officer (CTO) was leading the project.
The company selected NAVEX's solution, NAVEX IRM, for its capabilities in integrated risk management (IRM). NAVEX IRM enables organizations to gain a comprehensive view of their business and operations from a risk perspective, connecting individual risk disciplines and managing them in one centralized program. The solution streamlines compliance with multiple regulations and standards, including ISO. The CTO documented ISO 27001’s seven categories of requirements in NAVEX IRM and then leveraged the solution’s functionality to meet requirements, satisfy auditors and earn certification. During the ISMS design phase, the CTO documented objectives, policies, procedures and macro roles, and developed the ISMS manual to govern the entire program, all in NAVEX IRM.
The company achieved ISO 27001 certification, giving it tremendous credibility for securely managing customer data.
The marketplace took notice of the company's achievement, influencing the views of current customers, competitors, prospective companies, and industry analysis firms.
The CTO was able to answer all questions from ISO auditors with a show-and-tell in NAVEX IRM, making the audit process smoother and more efficient.