Cyber Essentials (CE) and CE Plus, IASME, and ISO 27001 certification
“Resilient is a pioneering provider of smart voice services that help the public and private sector solve strategic continuity, compliance and fraud prevention challenges. Resilient’s team of industry thought-leaders create voice services which transform the way employees and business partners organise and co-operate across the country and across the world.
“For three years, Ascentor acted as our guides when dealing with the ISMS improvement roadmap overall, picking the right certifications to achieve along the way to show benefit to the business and, at the same time, allowing us to gradually and continuously improve our internal processes.”
Anton Pasyuta, Project Manager, Resilient plc
The challenge
Resilient made a strategic decision to invest in security for three key reasons:
- The need to reduce risk
- The goal for customers to have confidence and trust in Resilient as a safe, secure and professional pair of hands for their critical services.
- The desire to respond more clearly to customer questions about security.
To underpin the investment and openly demonstrate commitment to its clients, Resilient decided to attain relevant security certification.
The solution
Resilient engaged Ascentor to help guide their security improvement and certification journey. Ascentor supported Resilient to understand and develop their overall Information Security Management System (ISMS) improvement plans and advise on the appropriate frameworks to follow and certifications to achieve.
At the start of the journey, a comprehensive assessment of all ISMS areas was conducted between Ascentor and Resilient. This presented Resilient with a clear view on possible improvement opportunities and allowed the customer to prepare a well-defined strategy and a high-level implementation plan to increase their Information Security Maturity level. A staged approach was chosen and successfully implemented across the following three years – starting with Cyber Essentials (CE) and CE Plus, then to IASME (Information Assurance for Small and Medium Enterprises) and finally to ISO 27001.
During the project, Ascentor helped to develop policy documents and an associated management system and designed a governance approach. Throughout the implementation, Ascentor maintained focus on the business benefits rather than simply on achieving certification for the sake of certification. At the same time, they gave detailed and expert support by reviewing materials to assess their suitability and accuracy of application.
The result
Ascentor’s support steered Resilient down a smooth certification path avoiding common pitfalls that can waste time, effort and money.
Added value came from the careful progression through the certification programme, which meant each round of work built smoothly on top of the last.
Resilient is now more aware of critical assets, particularly within their supply chain. They have increased security awareness across the company and can demonstrate a strong security culture. Their increased and certified level of cyber maturity can be used to demonstrate their capabilities to clients.