"If I was to help another company become ISO 27001 certified, I would definitely use NorthGRC"

DigitalRoute implemented NorthGRC and completed an ISO 27001 certification process in just 4 months. Today, the information security tool provides a simple overview for managing IT governance, risk, and continuous compliance.

DigitalRoute is a Swedish company and one of the leading providers of Data Integration and Data Management solutions globally. They were in the process of implementing ISO 27001 with help from external consultants when suddenly the project seemed unmanageable; Word documents and Excel sheets accumulated, it wasn’t clear what tasks should be done and how, and the deadline began to slip.

So, Irene Lundin, who is Compliance and Special Projects Manager at DigitalRoute, decided to change course. She found NorthGRC and their ISMS and met with the local consultant.

When he showed me the templates and the solution, I thought: Now I understand what the requirements for ISO 27001 are! And this tool is something that could help us.

DigitalRoute implemented the ISMS in August 2018, and by December 2018 they were ISO 27001 certified.

- I can honestly say that we could never have done it this fast without NorthGRC (formerly Neupart) and their ISMS. And on top of that, everybody in the organisation got involved in the process. Even our CEO. That was really great.

Irene Lundin, Compliance and Special Projects Manager, DigitalRoute

Involving the organisation

Today, DigitalRoute use Secure ISMS to handle and maintain all policies and rules related to information security. The tangible visibility of working with a tool like Secure ISMS makes it easier for Irene Lundin to receive the support she needs from everybody in the organisation. And this is also useful when she discusses risk management and other security topics with the individual system owners.

- The system owners can better understand why some systems are business critical, and why others are not. Previously they focused more on their own responsibility and their own role. Now we all see our information security in a bigger picture.

Irene Lundin also uses Secure ISMS in the onboarding process. The solution automatically sends an email to all new employees with a request to read the company’s security policies and rules. The employees must check a box and confirm that they have read the information security policy and the information security rules before they can move on in the process.

Always ready for an audit

During the ISO 27001 audit, the external auditor was very pleased with what he saw in Secure ISMS. I showed him – in the solution – that all employees have read our security policy and rules. He could see how we manage our rules and the general control points we have for complying with ISO 27001.

- Our next audit is in October 2019. So, until then we work continuously to make improvements, the auditor can see everything, and we can agree on where we need to improve more. Information security becomes very transparent with Secure ISMS – for both internal and external purposes, says Irene Lundin and finishes:

If I was to help another company become ISO 27001 certified, I would definitely use Secure ISMS. Otherwise, I wouldn’t know how to do it. You can do a lot with Word and Excel, but I don’t think you can actually improve your information security without a system that handles the process. I have never seen a system like Secure ISMS that was so easy to use for that purpose.

 


Challenge:

Complete ISO 27001 certification in 4 months, obtain a deeper understanding of the whole process, and involve management.

Solution:

Implement NorthGRC and use built-in templates for handling security policies.


Result:

Easy-to-use information security tool, transparent processes ready for external audits, and full support from system owners and management.  

