Data breaches have risen by 70% globally in Q3 of 2022, reinforcing the requirement for many to seek out Information Security solutions, especially those within the tech space.
Today we speak to Triaster, who have been in operation since 1994, providing businesses with process mapping and execution software to help drive business improvement.
Triaster’s Business Operations Manager, Jane Duncan, explains why they sought to implement ISO 27001, what challenges they faced and what they learned during their certification journey.
[00:54] Get to know Jane Duncan – Triaster’s Business Operations Manager who has recently started fostering dogs for a local charity.
[01:41] Who are Triaster? In short, they build software solutions that drive business improvement. They are a thought leader in their field and strive to create new software to meet business needs.
[02:25] What was the main driver for achieving ISO 27001? In 2020, they had certified to the Quality Standard, ISO 9001, and saw the many benefits that come with ISO certification. They saw ISO 27001 as both an opportunity and a necessity due to their work within the IT industry. ISO 27001 is seen as a mark of trust and provides a central framework to improve data security.
[04:28] How long did It take to implement ISO 27001? They started looking at certification bodies and consultants to help with implementation in March 2021. The project overall lasted six months, with their assessments taking place in September and October of the same year. They also chose to recertify to ISO 9001 at the same time – this aligned both Standards under one Integrated Management System.
[06:35] If you are considering implementing multiple ISO’s, it’s recommended to integrate them into a single Management System. This reduces the costs of implementation and is overall easier to maintain.
[07:17] What was the biggest gap identified in Triaster’s initial Gap Analysis? They had a lack of security policies in place in addition to a lack of processes that would have mitigated potential data security risks.
[08:00] What was the biggest difference ISO 27001 made? They now do regular annual SWOT and PESTLE’s that are evaluated at Management Reviews. Risks identified during those reviews are added to a risk register and are used to develop the necessary objectives and controls needed to mitigate future risk.
[08:38] Other differences include the ability to track non-conformities, security risks and opportunities for improvement. They also have the confidence to prove their data security credentials to clients and have the required documentation to back it up. Tendering processes are also made easier by having ISO 27001 as it is often a requirement that can now be ticked off.
[09:25] Triaster use Infrastructure partner (who are also ISO 27001 certified) and can now hold them accountable for the services they provide.
[09:50] Jane states that they are now a much better business following the Implementation of both ISO 9001 and ISO 27001 – continually improving their processes and scrutinising working practices.
[10:54] All of the same security practices can be done by those who are homeworking at Triaster
[11:05] What has been the main lesson learned? The process if certification is a journey – it’s about continually improving and truly adopting the ethos of Information Security into every aspect of the business.
[11:52] What are the main benefits? They hope their clients can see their efforts and have confidence in Triaster’s ability to keep their data secure. They also now have the processes in place that drive continual Improvement.
[12:33] Jane’s top tip: Document what you do as a business and look for gaps. Also, certification is a journey, and you shouldn’t stop striving to improve once you achieve certification.
[13:00] What book would you recommend and why? Internal Auditing in plain English: A simple guide to super effective ISO Audits by Craig Cochran
[14:15] Jane’s favorite quote: “No one is you, and that is your superpower”
We’d love to hear your views and comments about the ISO Show, here’s how:
Subscribe to keep up-to-date with our latest episodes: