Thirteen Group, specialising in housing development, owning and managing more than 34,000 homes, provide housing both for rent and sale for more than 70,000 customers across Teesside and other areas of North East England and Yorkshire, as well as support services including money advice, routes into skill and employment, schemes to help people live independently, adaptions to homes and more.
Why ISO 27001?
Being dedicated to development, improvement, and progression Thirteen Group decided to implement ISO 27001, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It includes requirements for the assessment and treatment of information security risks which are tailored to the specific needs of an organisation.
Implementing an ISMS has many benefits including protecting data, increasing resilience to cyber-attacks, demonstrates a commitment to data security and provides a credential when tendering for new business.
The process to certification
Recognising the benefit for their organisation – Thirteen Group decided to appoint Quadra to assist with the implementation of the Information Security standard due to their unrivalled expertise, established reputation and ease of process.
What did Quadra do?
Quadra met with Thirteen Group to understand the business unit operations, gather information, and review the existing information security processes against the requirements of ISO 27001. A risk assessment was conducted after the review to identify key information assets and potential threats and vulnerabilities were identified through the risk assessment process. Quadra created a Statement of Applicability dealing which of the 114 ISO 27001 controls were deemed to be applicable to Thirteen. Information security policies and procedures were then developed and the information security management system, in line with the requirements of ISO 27001, was implemented. Following this, Quadra carried out a full internal audit of the system to assess and ensure readiness for certification and facilitated a review in assessing the system prior to external audit.
What was the outcome?
Following the two stages of external audit, Thirteen Group were recommended for and achieved ISO 27001 certification. This achievement was of huge importance to all involved within Thirteen, standardising information security management processes throughout the organisation, at an internationally recognised level.
What did the client say?
“Obtaining ISO27001 at thirteen group was vital, not only does it provide additional reassurance to our colleagues and customers that we take information security seriously, but it was also integral to helping us retain some important contracts and provide a solid base for new business opportunities. As we had an ambitious timeline to achieving this accreditation (6 months) we knew that we needed expert guidance, this is where Quadra were invited to help provide that consultancy after a competitive tender exercise. We had the pleasure of working with Mark throughout the project, Mark provided us with a comprehensive GAP analysis and action plan to achieving the 114 controls, with this guidance we were successful in obtaining the accreditation standard, without Mark & Quadra we would not have been able to achieve this in such a short amount of time.” Hassan Bahrani. Thirteen Group.
Need more information?
For further information on Information Security management system implementation or to arrange a call, contact us.