A. Cleardata: Janika D. Estangki Assignment 2


JANIKA D. ESTANGKI

ASSIGNMENT 2

ISO/IEC 27001 is the international standard for information security management. By
implementing the standard, organizations can identify security risks and put
controls in place to manage or eliminate them, gain stakeholder and customer trust
that their confidential data is protected, and help achieve preferred supplier
status, helping to win new business.

1.1 How have different organizations benefited from implementing the standard?
a. Cleardata
Cleardata has been named Tyneside and Northumberland's Small Business
of the Year. The company's 65-strong UK-wide team provides a range of
document management services. Clients include health and social care,
law firms, and the aerospace industry. According to David Bryce,
Managing Director of Cleardata, the company’s employee bonus plan is
based not only on company profitability but also on individual
employees’ performance. Cleardata was awarded a contract because it already
had ISO 27001 in place. “The great thing about having standards is that
it helps you stay ahead of the competition, and you’re not just
competing on price, but on quality,” he says.

b. Worldpay
Worldpay is a global payment processing leader. Worldpay processes 31
million mobile, online, and in-store transactions on an average day. It
now employs over 5,000 people worldwide, with headquarters in London
and 25 offices in 13 countries. ISO 27001, according to Ian Crossley,
Head of Business Continuity & Corporate Security at Worldpay, provides
a framework for identifying and managing risks in their organization.
They demonstrate that they are going above and beyond. "Externally,
they provide critical customer reassurance," he added. They undoubtedly
help us win business by demonstrating to customers our tenacity.
c. Novacroft
Novacroft is a London-based company specializing in the development and
management of smartcard programs. The company has worked with clients such
as the Royal British Legion and Transport for London to reduce costs and
administration costs through the use of e-commerce and digital technology.
According to Debra Charles, Founder and CEO of Novacroft, without the
standard, they wouldn’t have won the contract with Royal British Legion or
bid for another large piece of work. The payback is evident in the firm’s
50% financial growth over the last three years.
d. Exponential-e
Exponential-e is the second-largest network provider in the greater
London region. The privately-owned London-based company, founded in
2002, is rapidly expanding. With a 100 Gig core Ethernet network, it is
trusted by over 1700 customers to deliver infrastructure that connects
the UK. "This certification allows us to go one step further by
providing our customers with the assurance that we have the best
controls in place to identify and reduce any risks to confidential
information," says Jitesh Bavisi, Director of Compliance at
Exponential-e.
e. Alternative
Alternative is a company that specializes in business IT and
communications. The business was founded in 1994 and now employs over 600
employees across six locations. The ISO/IEC 27001 systems allow the
organization to better analyze trends. If a security event occurs
regularly, it may be readily discovered and remedied. Similar research is
possible because of the way incidents are classified under ISO/IEC 20000-1.
According to Nada, the adoption of ISO 9001 at Alternative has
increased customer satisfaction. The firm has a strict “no waste to
landfill” policy. General waste is responsibly burned, and the energy
created is converted into power for use in a local community program.
f. Capgemini
Capgemini is the largest IT services provider in Europe. It has been an
independent corporation for 45 years and works in over 40 countries.
Enhanced security awareness and passion among employees, as well as the
assurance of best practices for existing and prospective clients, are
all benefits of ISO/IEC 27001 to Capgemini. Security is a key priority
for the company's board of directors, resulting in operational buy-in
and financial backing.
g. Costain
Costain is a long-established British engineering and construction
group. Adopting ISO 9001 has improved customer satisfaction and
embedded an ethos of continual improvement. Since implementing ISO
14001 Costain has reduced the total amount of waste it generates by
53%. Costain also has implemented ISO/IEC 27001 to safeguard the
commercial information of its clients and partners. The company's
recent ISO 22301 certification shows that it has a strong management
system, both internally and externally.
h. Fredrickson International
Fredrickson International is a UK-based Debt Collection Agency,
operating in the UK with three sites across Surrey. The organization’s
key corporate values are compliance, performance, and innovation.
Fredrickson has enjoyed a sustained period of growth, both organic and
through new client acquisitions. FTSE 100 companies and government
clients are among its clients. Clients and the general public can now
have complete trust in Fredrickson’s management of their personal
information. The duration of third-party audits of its security
practices has been significantly reduced. Jan-Michael Lacey, Sales &
Marketing Director at Fredrickson, says that “Being able to show we are
fully ISO 27001 certified has significantly reduced the man-hours
needed to complete IT security questionnaires required by clients in
bidding for work and on an ongoing basis after a contract has been
awarded”.
i. SVM Cards Europe
SVM Europe is a sister company to SVM LP, the leading gift card provider
in the United States. It offers companies pre-paid solutions for rewarding
and motivating employees. Gift cards, vouchers, e-codes, and flexible
reward codes are among its products for a variety of retail brands in the
UK and Europe. SVM Europe’s departments are now properly aligned and
managed, rather than on an ad hoc basis. The impact of implementing
ISO/IEC 27001 has been greater than SVM anticipated. It has reaped the
following benefits: less downtime, enhanced organizational structure, and
increased ability to win tenders. The organization has also progressed
from having no risk register to having a comprehensive risk management
system.
1.2 Develop a learning journal based on the Case Studies.
ISO/IEC 27001 certification shows that an organization has
designed and implemented best-practice information security
processes. Some firms utilize ISO 27001 as a foundation for best
practices rather than becoming certified.
Not only will ISO 27001 certification help to demonstrate good
security practices, which will improve working relationships and
help to retain existing clients, but it will also give an
organization a proven marketing edge over its competitors, putting
it alongside companies like Cleardata, Worldpay, Novacroft, etc.
When a company expands rapidly, it doesn’t take long for
uncertainty to arise about who is in charge of whose data assets. By
explicitly defining information risk duties, the standards help
companies become more productive.
The ISO 27001 accreditation is a globally recognized indicator
of security performance that eliminates the need for recurring
client audits, reducing the number of days spent on external
customer audits. Regular reviews and internal audits of the ISMS are
required as part of ISO 27001 certification to ensure its continuous
improvement. In addition, an external auditor will inspect the ISMS
at regular intervals to ensure that the controls are functioning
properly. This independent assessment determines whether the ISMS is
in good working order and delivers the level of security required to
secure the organization's data.
