The aim of this engagement was to assist Trendspek with the implementation process against international standard ISO 27001 Information Security Management System. Gridware worked with Trendspek to develop the necessary policies, procedures and documentation required to be complaint with ISO 27001.
Background
Trendspek is a drone data solution provider that helps businesses in their asset management strategy and process. Trendspek offers a simple and powerful asset inspection system, allowing users to inspect, annotate, and organise assets as 3d models or “digital twins”.
Challenge
Implementing ISO 27001 requires a comprehensive, well planned and well executed project. Creating and managing the Information Security Management system can be difficult due to the complexity of fully understanding the project and controls required. Other challenges that can be experienced include:
- Employee buy-in
- Understanding the requirements of the Standard
- Obtaining necessary budget
- Conducting the risk assessment
- Identifying the relevant controls
- Documenting appropriate policies and procedures
The Solution
We conducted a risk assessment based on ISO27001 and industry best practices by conducting various workshops with Trendspek’s key stakeholders. The resulting report provided a risk treatment plan for all risks identified, which enabled Trendspek to implement controls to mitigate these risks.
These IT security risks were prioritised due to the increased level of threat they posed to the organisation.
Once the risks had been identified, they were mapped against the 114 controls of the ISMS. Gridware simultaneously created Trendspek’s policy documents to manage and direct information security in line with the organisation’s requirements, as well as in accordance with the standard. The policy documents were communicated to all staff members and provided Transept with a systematic approach when it came to securing its information.
The Outcome
The goals of this engagement were met within timeline and budget, with Trendspek successfully obtaining its ISO 27001 accreditation. The company was able to assess and mitigate its risks and improve its overall security maturity significantly.
