Compliance-as-a-Service: How Cool Waters Cyber Helps Businesses Achieve ISO 27001 Certification

A Case Study of Two Customers: MindCraft and Zappit

Introduction

ISO 27001 is the international standard for information security management systems. It provides a framework for establishing, implementing, maintaining, and improving the security of an organisation's information assets. Achieving ISO 27001 certification demonstrates that a business has implemented best practices for protecting its data, systems, and customers from cyber threats.

However, achieving ISO 27001 certification is not an easy task. It requires a lot of time, resources, and expertise to conduct a gap analysis, implement the necessary controls, document the policies and procedures, and undergo an audit by an accredited certification body. For many small and medium-sized businesses, this can be a daunting and costly challenge, especially if they lack the in-house skills and experience to manage the project.

That's where Cool Waters Cyber comes in. Cool Waters Cyber is a cyber security consultancy that offers compliance-as-a-service for firms seeking ISO 27001 accreditation. Cool Waters Cyber provides end-to-end support for the entire certification process, from planning and scoping, to implementation and testing, to audit and maintenance. Cool Waters Cyber leverages its team of certified experts, proven methodologies, and cutting-edge tools to deliver the project on time and on budget, leaving the customers free to focus on their core business activities.

In this case study, we will look at how Cool Waters Cyber helped two of its customers, MindCraft and Zappit, achieve ISO 27001 certification, and how this benefited their businesses.

MindCraft: A boutique digital consultancy

MindCraft provides digital advisory, service management and IT transformation services to mainly public sector clients across various industries. They also offer custom software development, cloud migration, and complex project and programme management expertise, priding themselves on delivering high-quality solutions that meet challenging and specific customer needs and expectations.

As an IT service provider, MindCraft handles sensitive and confidential information from its clients, such as financial data, personal data, and intellectual property. MindCraft understands the importance of protecting this information from unauthorised access, disclosure, modification, or loss. Therefore, MindCraft decided to pursue ISO 27001 certification to demonstrate its commitment to information security and to gain a competitive edge in the market.

However, MindCraft faced some challenges in achieving ISO 27001 certification. First, MindCraft did not have a dedicated information security team or a formal information security management system in place. Second, MindCraft had limited resources and time to devote to the certification project, as it had to balance the demands of its existing and new customers. Third, MindCraft lacked the expertise and experience to navigate the complex and rigorous requirements of ISO 27001.

That's why MindCraft turned to Cool Waters Cyber for help, having worked with them on another project to manage ISO 27001 compliance for a large public sector project: the A303 Stonehenge tunnel bypass. Cool Waters Cyber assigned a dedicated project manager and consultants to work with MindCraft on the certification project. Cool Waters Cyber conducted a gap analysis to identify the current state of MindCraft's information security and the areas that needed improvement. Cool Waters Cyber then developed a project plan and a roadmap to implement the necessary controls, policies, and procedures to meet the ISO 27001 standard. Cool Waters Cyber also provided training and awareness sessions to MindCraft's staff to ensure they understood their roles and responsibilities in the information security management system. Cool Waters Cyber also conducted regular reviews and tests to monitor the progress and effectiveness of the project. Finally, Cool Waters Cyber prepared MindCraft for the audit by a UKAS accredited certification body and supported them throughout the audit process.

As a result of Cool Waters Cyber's compliance-as-a-service, MindCraft achieved ISO 27001 certification within four months, with no non-conformities or issues. MindCraft was able to demonstrate to its clients and stakeholders that it had implemented a robust and reliable information security management system that met the international best practices. MindCraft also gained the following benefits from ISO 27001 certification:

  • Enhanced reputation and trust among its customers and partners

  • Increased customer satisfaction and loyalty

  • Reduced risk of data breaches and cyber attacks

  • Improved operational efficiency and performance

  • Compliance with relevant laws and regulations

  • Access to new markets and opportunities

MindCraft's CEO, Angus Walker, said: "We are very pleased with the outcome of the ISO 27001 certification project. Cool Waters Cyber did an excellent job of leading and managing the project, providing us with the resources and expertise we needed to achieve our goal. Cool Waters Cyber became very much part of our team. They were professional, responsive, and flexible throughout the project, and they delivered on time and on budget. We would highly recommend Cool Waters Cyber to anyone looking for a cyber security partner to help them achieve ISO 27001 certification."

Zappit: A Marketing Technology Firm

Zappit is a marketing technology firm that offers a suite of innovative solutions for coupon and cashback based marketing and customer care. Zappit helps its customers optimise their marketing campaigns, increase their conversions, and grow their revenue.

As a marketing technology firm, Zappit collects and processes large amounts of data from its customers and their end-users, including GDPR-protected personal information. Zappit respects the privacy and security of this data and wanted to ensure that it was protected and secure at all times and that this protection had been independently verified.

Therefore, Zappit decided to pursue ISO 27001 certification to enhance its information security capabilities and to demonstrate its compliance with the data protection laws and regulations. Zappit also wanted to achieve ISO 27001 certification to differentiate itself from its competitors and to attract more customers who value data security and privacy.

However, Zappit faced some challenges in achieving ISO 27001 certification. First, Zappit had an agile and dynamic IT environment and its internal team was already working flat out to deliver the innovative solutions promised to their clients. Second, Zappit’s clients, often tier 1 global brands, were increasingly asking for independent verification of their platform's security. Third, Zappit had a diverse and distributed workforce, with employees working from different locations and countries.

That's why Zappit turned to Cool Waters Cyber to provide day-to-day managed cyber security and to gain ISO 27001 certification. Cool Waters Cyber assigned a dedicated project manager and ISO 27001 expert to work with Zappit on the certification project, and cyber security experts to act as Zappit’s cyber security team, including a Chief Information Security Officer (CISO) to lead Zappit’s security strategy. Cool Waters Cyber conducted a comprehensive risk assessment to identify the potential threats and vulnerabilities that Zappit faced in its IT environment and its business processes. Cool Waters Cyber then developed a project plan and a roadmap to implement the necessary controls, policies, and procedures to mitigate the risks and to meet the ISO 27001 standard. Cool Waters Cyber also provided training and awareness sessions to Zappit's staff to ensure they understood their roles and responsibilities in the information security management system. Cool Waters Cyber conducted regular reviews and tests to monitor the progress and effectiveness of the project. Finally, Cool Waters Cyber prepared Zappit for the audit by a UKAS accredited certification body and supported them throughout the audit process.

As a result of Cool Waters Cyber's compliance-as-a-service, Zappit achieved ISO 27001 certification within nine months, with no non-conformities or issues, and has just passed its second annual surveillance audit – again with no non-conformities or issues being discovered. Zappit was able to demonstrate to its customers and stakeholders that it had implemented a robust and reliable information security management system that met the international best practices. Zappit also gained the following benefits from ISO 27001 certification:

  • Enhanced reputation and trust among its customers and partners

  • Increased customer satisfaction and loyalty

  • Reduced risk of data breaches and cyber attacks

  • Reduced cost of sale and supplier due diligence

  • Compliance with relevant laws and regulations

  • Access to new markets and opportunities

Zappit's CEO, Mark Fraser, said: "We are very happy with the outcome of the ISO 27001 certification project and working with the team at Cool Waters Cyber. They do an outstanding job of managing our day-to-day cyber security and compliance – leaving my team free to focus on delivering our projects and platform innovations. Cool Waters Cyber were professional, responsive, and flexible throughout the project, and they delivered the project on time and on budget. I’d recommend Cool Waters Cyber to anyone looking for a cyber security partner to help them achieve ISO 27001 certification or provide an outsource managed cyber security team."

Conclusion

Cool Waters Cyber is a cyber security consultancy that offers compliance-as-a-service for firms seeking ISO 27001 accreditation. Cool Waters Cyber provides end-to-end support for the entire certification process, from planning and scoping, to implementation and testing, to audit and maintenance. Cool Waters Cyber leverages its team of certified experts, proven methodologies, and cutting-edge tools to deliver the project on time and on budget, leaving the customers free to focus on their core business activities.

In this case study, we have seen how Cool Waters Cyber helped two of its customers, MindCraft and Zappit, achieve ISO 27001 certification, and how this benefited their businesses. Both customers were able to demonstrate their commitment to information security and compliance, enhance their reputation and trust, increase their customer satisfaction and loyalty, reduce their risk of data breaches and cyber attacks, improve their operational efficiency and performance, and access new markets and opportunities.

If you are interested in learning more about Cool Waters Cyber's compliance-as-a-service offering, or if you want to start your ISO 27001 certification journey, please contact us at daniel@cool-waters.co.uk or visit our website at www.cool-waters.co.uk.
