A new approach to securing client ISO certification
The challenge
A National Highways’ high profile road development scheme needed to ensure information security and cyber security was at the heart of its project.
That meant securing the world class ISO 27001 certification, normally only possible for whole businesses and organisations, not single projects.
At first it seemed the A303 Stonehenge project’s aspiration to achieve ISO certification would hit a dead end – until MindCraft stepped in with an innovative approach.
Our solution
Securing an ISO 27001 accreditation is a demanding undertaking- even without the added complexity MindCraft unearthed.
With no central ISO27001 certification in place for the client organisation National Highways itself, some advisors thought the goal was unachievable. No individual UK road scheme had been ISO certified before.
However, working with MindCraft’s global partner Insight and in close liaison with the official ISO auditors, Mindcraft proposed a novel approach that it would secure the certification in its own name ‘on behalf’ of A303 project.
MindCraft’s Managing Director Angus Walker said:
“This approach was untested in the experience of all those involved, and relied on us being able to demonstrate our ability to demonstrate to our client and to the auditors that we could meet the challenging demands of the certification process.”
Making sure all parties, including National Highways’ own information security team and the project leadership, meant preparation was thorough over a year long period.
Finally on the day of the audit the team sailed through to secure the first ISO 27001 certification for any UK road scheme.
MindCraft’s Managing Director Angus Walker adds:
“We prioritised our own business’ ISO 27001 accreditation to ensure the project secured the much sought-after badge, which was so important to the information security on a high profiled and controversial project.’
The benefit
· Set a new approach, under strict criteria, in which individual programmes within a wider business, may secure bespoke and secure processes and accreditation.
· Processes put in place under the successful ISO certification ensured data security and information management would be rigorously monitored, and audited.