Published: August 1, 2023

Series D E-Learning Software Solution: A Venture into Comprehensive Cloud Security

By Annie case studies

Introduction: In an era where digital transformation is pivotal, e-learning platforms are at the forefront of providing accessible education worldwide. A venture-backed enterprise software company embarked on a mission to achieve an ISO 27001 certification. After nearly 18 months of internal investment and no progress to show for it, the enterprise brought in TalPoint to get the right team together to get them on the path to ISO certification.

Problem: With an expanding user base, a partner-centric sales approach, and increasing scale, a robust cloud security solution became paramount, both internally and for the customers and partners of the business. The absence of an end-to-end cloud security framework exposed the enterprise to potential data breaches, compliance violations, and operational disruptions, which could detrimentally impact its business.

Engagement: To navigate through this complex security landscape, the enterprise enlisted the expertise of TalPoint. The primary objective was to find them a subject matter expert to design an end-to-end Information Security Management System (ISMS) and implement ISO 27001.

Solution: In working with the client, TalPoint enlisted network experts to execute on a four-pronged approach:

  1. Risk Assessment: During the Risk Assessment phase, assets and resources within the organization were identified alongside potential threats and vulnerabilities that could impact them. A subsequent analysis was performed to understand the likelihood and the impact of the risks, which were then evaluated against the organization’s risk acceptance criteria to determine their significance.
  2. Implementation of the Information Security Management System (ISMS) and Remediation: In this phase, the ISMS was designed based on the outcomes of the risk assessment to mitigate or treat identified risks. This involved the implementation of necessary policies, procedures, and controls. Remediation steps were taken to address any identified gaps or shortcomings from the desired ISMS state and a roadmap was developed to ensure non-conformities were addressed in an adequate manner.
  3. Internal Audit: Preparation for the 3rd party audit involved gathering necessary documentation and ensuring that all implemented controls were operating effectively. As per the ISO 27001 standard, the internal audit report was completed prior to the 3rd party audit.
  4. 3rd Party Audit Support: TalPoint experts stayed on through the 3rd party audit. They served as the tip of the spear to help the client get through the audit, including fielding questions from the auditor and helping to address any identified issues. By serving as the main point of contact for the audit, the TalPoint expert significantly reduced the burden on the organization and ensured a smooth audit process.

Conclusion: At the end of the 6-month project, TalPoint’s client was ISO 27001 certified, and in record time no less. Even more important, they were able to demonstrate to their prospects, customers, and partners one of the highest levels of security maturity. In a competitive market, this will help them differentiate their offering.

Our large and diverse network of experts is here to help...

Charles M.

Principal

Charles is a 14-year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen brings a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and, for certain frameworks, running independent 3rd party audits.

Zachary C.

Founder and CRO

Zachary brings a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk and a common-sense approach to risk management.