Case Study: Oceans HQ
Oceans HQ are a Devon based IT firm who specialise in the design and development of software products. With solutions targeted at the international shipping, retail and events industries, the company has grown steadily thanks to their honest approach, customised solutions and commitment to best practice.
As demonstration of this commitment, Oceans HQ decided to adopt the internationally recognised ISO 27001 standard to give clients reassurance that their data would be handled securely. Here, we find out how they achieved certification.
With the world moving towards storing their information online, there has been an obvious question – can we trust external suppliers with our data? With Oceans HQ offering their clients secure, 24/7 access to their data, they wanted to be able to give more than their word – they wanted to prove it.
The issue was particularly prevalent considering the company’s client portfolio includes government departments. As such, being proactive in meeting client expectations would mean they would benefit from being a stand-out choice in a competitive marketplace. Co-Founder André Tanguy explained the decision to move forward with ISO 27001 as a result;
“There are many potential clients asking for ISO 27001; especially government customers. We saw certification as a way of showing existing clients that we follow data security best practice as well a way of moving our sales pipeline forward rapidly.”
Being responsible for client project management, it was André who would take overall responsibility for ISO 27001’s implementation. He explained the desired outcome;
“With most of our clients being ISO certified themselves, understandably they want to ensure our software solutions are similarly compliant. As such, when scoping projects, I wanted to ensure these projects were in line with ISO 27001:2013’s requirements. When it came to choosing a certification body, the BAB team were friendly and knowledgeable from the outset. Certification appeared daunting at first, but after discussions with the BAB team, the process became clear.”
The first step of the certification process is to ascertain where the organisation currently stands. Oceans HQ were visited by their Lead Auditor for a Stage 1 visit so that André and his team would have a clear understanding of where they needed to be in order to successfully achieve certification. Reflecting on the visit, André said;
“Initial implementation was in fact relatively straight forward as we found we already had processes and procedures in place in line with the standard. ISO 27001 did help us update a large number of our internal policies, with the framework helping to bring consistency to our existing documentation. It also helped with stakeholder buy-in and knowledge transfer.”
As testament to the amount of processes and procedures the company already had in place, Oceans HQ were ready for the more formal Stage 2 audit in a matter of months, where the company received the green light for certification from their Lead Auditor. André recalled the experience, saying;
“The audit process was clear, concise and helpful. It was delivered in a way that helped us to remove non-conformities and create a successful path forward. Meanwhile, the impact on everyday operations was kept to a minimum.”
Oceans HQ are a classic example of how a well run business can achieve third-party certification to ISO 27001 without turning their business upside down. Now, they can strengthen their message to both new and existing clients that they are a supplier that can be trusted. One month on, André commented on the impact ISO 27001 has had on the business so far;
“Internal stakeholders are even more confident that our processes and procedures are regularly reviewed. Likewise, prospective customers also have that reassurance when it comes to our approach to information security and management. Our existing clients can also leverage ISO 27001’s benefits by using our services, and in fact this has resulted in an increase in new customers in the short time since becoming certified.”
Find out more about us
Next entry: Case Study: The Tax Guys
Previous entry: Looking to expand? Get your ducks in a row!