MedAll achieve ISO 27001 certification

MedAll Limited is a Northern Ireland based HealthTech organisation that has developed a cloud-hosted software platform for managing the career portfolios of healthcare professionals and monitoring their professional development. Through the platform, it offers open access to both individuals and institutions seeking a more customised solution. Recognising how beneficial ISO 27001 certification could be to the business, MedAll commissioned Quadra to analyse its existing business processes and measure them against the requirements of ISO 27001, the international standard for information security management systems, with the goal of achieving ISO 27001 certification throughout the business.

Why ISO 27001?

MedAll recognised the massive benefits that implementing ISO 27001 could bring: standardising operational processes throughout the business and, by embedding the information security management system within MedAll, setting a pathway for continuous internal improvement. ISO 27001 certification would give MedAll's clients assurance that their data security was being taken seriously and that security controls were being independently audited and verified.

ISO 27001 does not only focus on Information Technology but focuses on every part of your organisation which is involved in processing information. Implementation means that your organisation will carry out a risk-based review of your current information security controls, identify the threats and vulnerabilities that may exist and build a management system to reduce or eliminate these threats or vulnerabilities.

The implementation process

What did Quadra do?

Quadra met with MedAll to understand the business unit operations, gather information, and assess the existing information security processes against the requirements of ISO 27001. After this review, a risk assessment was conducted to identify key information assets and the potential threats and vulnerabilities to these assets. A risk treatment plan was then drawn up to address the threats and vulnerabilities identified through the risk assessment process. Quadra created a Statement of Applicability covering the controls deemed applicable in line with ISO 27001, developed the information security policy and procedures, and implemented the information security management system to the requirements of ISO 27001. Following guidance on an implementation period, Quadra carried out a full internal audit of the system to assess and ensure readiness for certification, and facilitated a review assessing the system prior to external audit.

What was the outcome?

Following the two stages of external audit, MedAll were recommended for ISO 27001 certification first time and were extremely happy with the outcome. This achievement was of huge importance to all involved in standardising information security management processes throughout their innovative business, at an internationally recognised level.
