Bright
Attaining ISO 27001 was a logical progression for Bright
Executive Summary
Bright is an agile software company specializing in Digital Asset Management (DAM) solutions, which store, share and organize digital assets. Established in 1999 and based in Brighton, Bright has over 800 clients worldwide, including 20 FTSE 100 organisations.
The Challenge
Client data security is taken very seriously at Bright.
With an ever-increasing focus on security both within Bright and among its clients, certification to the ISO 27001:2013 Information Security Management System (ISMS) standard was something the company had wanted to achieve. Exacting policy-led processes were already in place, but the team knew that gaining ISO 27001 would formalize them and provide the necessary internal and external assurance and validation.
“We had undertaken GDPR compliance with Chapter 3 Consulting (C3C) and had a really good working relationship, so we got back in touch,” explained Kate McDonald, Head of Business Operations at Bright.
The ISMS is a systematic approach to managing information security, and defines security controls covering people, processes and IT systems.
The Solution
“ISO 27001 could have been a bit overwhelming, but C3C made it as simple as possible. We devised a schedule, worked with their 12-step implementation plan and full suite of implementation tools and it worked really well,” said Kate McDonald. “We would not have wanted to start from scratch by ourselves.”
“We did not need a heavy-handed consultancy service, just the right specialist support and Tana (Tana Jackson, C3C’s Operations Manager) was ideal for this and really flexible.”
The Results
“With C3C’s help we completed the process and passed the UKAS certification audit the first time, all in 6 months!” commented Kate McDonald. “Culturally it was a great exercise. Everyone bought into doing it, could see the benefits and were really proud when we were awarded the certification.”
“Undertaking the whole ISO 27001 process has now given us a framework for where and what we can do to further improve our security practices and policies. Incredibly useful as we develop new products.”
“Whilst we have only just passed, the fact that we can send ISO 27001 Audit Reports to prospects and clients as a demonstration of our policies and procedures is an immediate benefit!”
Kate McDonald, Head of Business Operations
www.assetbank.co.uk