MedAll Limited (https://medall.org/) is a Northern Ireland-based HealthTech organisation that has developed a cloud-hosted software platform which helps healthcare professionals learn and train virtually. It offers customisable solutions for healthcare organisations to deliver and certify their training virtually. It offers open access versions to both individuals and institutions seeking a more customised solution. Recognising how beneficial an ISO27001 certification could be to the business, MedAll commissioned Quadra to analyse its existing business processes and measure them against the requirements of ISO27001, the international standard for information security management systems, with the goal of achieving ISO27001 certification throughout the business.
MedAll recognised the massive benefits that implementing ISO27001 could bring to the business: standardising operational processes throughout the business and setting a pathway for continuous improvement internally by embedding the information security management system within MedAll. ISO27001 certification would give MedAll’s clients assurance that their data security was being taken seriously and that security controls were being independently audited and verified.
Why was Quadra chosen?
Established in 1991 with unrivaled experience in developing and maintaining information security management systems aligned with ISO27001 requirements, we were selected to assist and collaborate with MedAll’s leadership to achieve this overall goal.
What did Quadra do?
Quadra met with MedAll to understand the business unit operations, gather information, and assess the existing information security processes against the requirements of ISO27001. A risk assessment was conducted after this review to identify key information assets and potential threats and vulnerabilities to these assets. A risk treatment plan was then drawn up to address any threats and vulnerabilities identified through the risk assessment process. Quadra created a Statement of Applicability dealing with the controls deemed to be applicable in line with ISO27001, developed information security policy and procedures, and implemented the information security management system to the requirements of ISO27001. Following guidance on an implementation period, Quadra carried out a full internal audit of the system to assess and ensure readiness for certification and facilitated a review in assessing the system prior to external audit.
What was the overall outcome?
Following the two stages of external audit, MedAll were recommended for ISO27001 certification first time and were extremely happy with the outcome. This achievement was of huge importance to all involved in standardising information security management processes throughout their innovative business, at an internationally recognised level.