Thirteen Group achieve ISO 27001

Thirteen Group specialise in housing development, owning and managing more than 34,000 homes. They provide housing for both rent and sale to more than 70,000 customers across Teesside and other areas of North East England and Yorkshire, as well as support services including money advice, routes into skills and employment, schemes to help people live independently, adaptions to homes and more.

Why ISO 27001?

Being dedicated to development, improvement and progression, Thirteen Group decided to implement ISO 27001, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It includes requirements for the assessment and treatment of information security risks, tailored to the specific needs of an organisation.

Implementing an ISMS has many benefits, including protecting data, increasing resilience to cyber-attacks, demonstrating a commitment to data security and providing a credential when tendering for new business.

The process to certification

Recognising the benefit for their organisation, Thirteen Group decided to appoint Quadra to assist with the implementation of the Information Security standard due to their unrivalled expertise, established reputation and ease of process.

What did Quadra do?

Quadra met with Thirteen Group to understand the business unit operations, gather information, and review the existing information security processes against the requirements of ISO 27001. A risk assessment was conducted after the review to identify key information assets, and potential threats and vulnerabilities were identified through the risk assessment process.
Quadra created a Statement of Applicability detailing which of the 114 ISO 27001 controls were deemed to be applicable to Thirteen. Information security policies and procedures were then developed and the information security management system, in line with the requirements of ISO 27001, was implemented. Following this, Quadra carried out a full internal audit of the system to assess and ensure readiness for certification and facilitated a review of the system prior to external audit.

What was the outcome?

Following the two stages of external audit, Thirteen Group were recommended for and achieved ISO 27001 certification. This achievement was of huge importance to all involved within Thirteen, standardising information security management processes throughout the organisation, at an internationally recognised level.

What did the client say?

“Obtaining ISO27001 at Thirteen Group was vital. Not only does it provide additional reassurance to our colleagues and customers that we take information security seriously, but it was also integral to helping us retain some important contracts and provide a solid base for new business opportunities. As we had an ambitious timeline for achieving this accreditation (6 months), we knew that we needed expert guidance; this is where Quadra were invited to help provide that consultancy after a competitive tender exercise. We had the pleasure of working with Mark throughout the project. Mark provided us with a comprehensive gap analysis and action plan for achieving the 114 controls. With this guidance we were successful in obtaining the accreditation standard; without Mark & Quadra we would not have been able to achieve this in such a short amount of time.” Hassan Bahrani, Thirteen Group.

Need more information?

For further information on Information Security management system implementation or to arrange a call, contact us.

Telephone: +44 28 9042 3222 / 01 832 1493


MedAll achieve ISO 27001 certification

MedAll Limited is a Northern Ireland based HealthTech organisation which has developed a cloud-hosted software platform that manages the career portfolio of healthcare professionals so that they can monitor their professional development. Through the platform, it offers open access to both individuals and institutions seeking a more customised solution. Recognising how beneficial an ISO27001 certification could be to the business, MedAll commissioned Quadra to analyse their existing business processes and measure them against the requirements of ISO27001, the international standard for information security management systems, with the goal of achieving ISO27001 certification throughout the business.

Why ISO 27001?

MedAll recognised the massive benefits implementing ISO27001 could bring to the business in standardising operational processes throughout the business and setting a pathway for continuous improvement internally, through embedding the information security management system within MedAll. ISO27001 certification would give MedAll clients assurance that their data security was being taken seriously and that security controls were being independently audited and verified.

ISO 27001 does not only focus on Information Technology but focuses on every part of your organisation which is involved in processing information. Implementation means that your organisation will carry out a risk-based review of your current information security controls, identify the threats and vulnerabilities that may exist and build a management system to reduce or eliminate these threats or vulnerabilities.

The implementation process


What did Quadra do?

Quadra met with MedAll to understand the business unit operations, gather information, and assess the existing information security processes against the requirements of ISO27001. A risk assessment was conducted after this review to identify key information assets and potential threats and vulnerabilities to these assets. A risk treatment plan was then drawn up to address any threats and vulnerabilities identified through the risk assessment process. Quadra created a Statement of Applicability dealing with the controls deemed to be applicable in line with ISO27001, developed information security policy and procedures, and implemented the information security management system to the requirements of ISO27001. Following guidance on an implementation period, Quadra carried out a full internal audit of the system to assess and ensure readiness for certification and facilitated a review of the system prior to external audit.

What was the outcome?

Following the two stages of external audit, MedAll were recommended for ISO27001 certification first time and were extremely happy with the outcome. This achievement was of huge importance to all involved in standardising information security management processes throughout their innovative business, at an internationally recognised level.

Need more information?

For further information or to arrange a waste management review of your organisation please contact us.