A 27001:2022 transition case study
November 22nd, 2023
Inventory Hive is beautifully easy property inventory software, provided as Software as a Service. They have operated an ISO 27001:2013 compliant ISMS for the last 3 years, and with their recertification looming, they decided that now would be a good time to transition to the new (2022) version of the Standard.
ADL were introduced to Inventory Hive through another happy client of ours.
Our initial discussions were focussed on the work required to complete the transition. However, as conversations progressed, it became apparent that we had a unique opportunity to redevelop their ISMS into something more beautiful.
We tend to see two primary versions of ISO 27001 Management Systems. They are either:
Built by consultants who want to make it impossible for the client to live without the consultant's support; or
Built by employees who have never had to build an ISMS before and aren't really clear about what they're doing, or why.
Inventory Hive were the latter. The system did the job - but it was quite apparent that there was a LOT of unnecessary stuff in the system that they couldn't explain or justify beyond "we thought that was a requirement".
So our first challenge was to strip away anything that the Standard didn't require. With what was left, we then had to figure out what was useful and what wasn't. For everything that wasn't useful, we had to find a way to meet the Standard's requirements in a way that was useful.
We then took what was left of Inventory Hive's ISMS and restructured it to make everything easier to find and more logical in its organisation.
We rebuilt the Statement of Applicability (SoA) and provided "cheat sheet" links from each control to where to find evidence of that control being in place and effective.
We then identified some key tools that were already in use within the business that could make the process of maintaining the ISMS considerably easier for them. This included providing:
Automated reminders for recurring tasks; and
Audit trails for activities (such as improvements, risk treatments, CAPs etc)
We also improved:
The event/incident management process, making capturing evidence of activities much easier
Supplier Management, substantially reducing the amount of management overhead that the previous process was creating, and streamlining the process to provide better results with less work
The finished system restructure and transition (including documentation redevelopment and setting up of new tooling) took about 8 days to complete. The result is a far easier, clearer and more productive system, from which the business now sees tangible benefit and feedback that supports the business in its objectives.
The organisation has successfully completed its ISO 27001:2022 Transition Audit, receiving a recommendation for continued certification. There were no nonconformities identified.
Congratulations Inventory Hive!
© ADL Consulting Ltd 2024. All rights reserved.