Benefits: DPO or ISMS Leader

The infosec practitioner’s perspective:

“The biggest challenge is managing people’s attitude to information security”

What are you trying to achieve?

Help my organisation get an information security management system in place and educate the staff so we can embed the philosophy of information security best practice into the culture here. ISO 27001 conformity is our priority as senior management feel it will help them win more customers, reduce risk and keep our information assets safe.

We must adopt a risk-based approach to show resilience against cyber-attacks and physical attacks. Managing risks with controls from the ISO 27001 standard will allow us to mitigate against these known threats and vulnerabilities, allowing for a secure and robust ISMS.

What are your pain points?

The biggest frustration comes from within an organisation around timescales. Most organisations wake up to the need for an ISMS due to an issue or incident occurring and then want a solution yesterday. That’s where the tension starts as it typically takes 12 months to get a basic ISMS in place and then an additional 6-12 months to get the ISMS certified under ISO 27001.

Information security is still not taken seriously by most organisations unless it is embedded into business systems and culture, and led by senior management.

I am lucky here that our CEO and Board buy into the benefits as well as understanding the huge risks of not building an ISMS, but the rest of the organisation need more awareness.

How could Hicomply benefit your business?

Having Hicomply assist our ISMS implementation provides immediate benefits like decreased downtime of IT systems and a decrease in the number of security incidents, which in turn leads to higher levels of customer satisfaction.

Hicomply provides a way to securely store, review and update controls, policies, and procedures. In addition, the ability to monitor ISMS performance against a statement of applicability & business objectives is hugely valuable.

The process of implementing and maintaining an ISMS is also improved by streamlining all stages of the process from scoping to certification.

And finally, being able to document an incident such as a security breach, and then manage, communicate, and control the breach in a digital environment means we can continuously check and improve our method of response. Managing risk, assets and incidents under one “roof” breeds success and confidence.

How could Hicomply benefit your role?

Hicomply helps me ensure that we stay compliant and gives me the visibility I need to manage it. It helps me focus on what’s important. One example of efficiency is being able to automate the staff awareness training and flag to them when they need to complete a task automatically rather than me having to chase them manually.

Most importantly, it raises the awareness of how important data security is and changes the culture in the organisation around how we tackle it proactively, with a plan, rather than reactively. I want our staff to feel like the organisation they work for is serious about protecting their own personal data and customers’ data so the business is more secure and ultimately their jobs are more secure.

Hicomply gives us an increased ability to meet legal, regulatory and contractual compliance. Working within a business that invests in ISMS software gives me confidence that they are taking the risks seriously.
