Case study: Blendr.io
Blendr.io case study: ISO 27001 FastTrack 20 consultancy with IT Governance

Overview

The Need
Blendr.io, an information technology organisation that provides iPaaS (integration Platform as a Service) for SaaS (Software as a Service) companies, wanted to certify to ISO/IEC 27001:2013 to benefit from the Standard’s best practice and reassure clients that it was meeting an internationally recognised standard of information security.

The Solution
ISO 27001 FastTrack 20 consultancy.

The Benefit
An ISMS (information security management system) certified to ISO 27001 is recognised around the world as an indication that an organisation has implemented and maintains information security best practice.
Background
Blendr.io provides a powerful, hyper-scalable and secure integration platform for SaaS companies. Its Blend Editor software allows organisations to build secure and powerful native integrations quickly and seamlessly.

As an organisation that depends on processing customer data, it is particularly important for Blendr.io to be able to demonstrate that its systems are as secure as possible and follow internationally recognised best practice.

The company therefore sought to align its existing security processes with international best practice by implementing an ISMS that conforms to the international standard for information security management, ISO/IEC 27001:2013 (ISO 27001), and achieving certification to the Standard.

Recognising IT Governance as an expert in ISMS implementation, Blendr.io opted for our ISO 27001 FastTrack 20 consultancy service, a fixed-price package designed to help smaller organisations reach ISO 27001 certification readiness in just three months.
How the ISO 27001 FastTrack 20 consultancy service helped Blendr.io

Requirements
Blendr.io wanted to obtain certification to ISO 27001 both to provide reassurance to its existing clients and to use as a selling point when attracting new ones.

Testimonial
“IT Governance provided us with excellent training and guidance in developing our ISMS. Their responsiveness and wealth of knowledge about ISO 27001 helped us achieve certification in record time.”
Jochen Boeykens, Executive Board Member and CFO, Blendr.io
Project mandate
The first stage focuses on collating information relating to an organisation’s commitment to proceed with the project and producing an information security policy that reflects the appropriate objectives for the organisation. This will define the scope of the ISMS and facilitate the mandated management approval of essential documents.
Project initiation
This stage develops the project’s goals and ensures that both the project and the ISMS succeed in delivering the objectives. With a project plan and key delivery dates in place, it is easy to keep track of the achievement of milestones and ensure the project is delivered on time.
ISMS initiation
The third stage involves compiling a list of the requirements of each ISMS process and the tasks required to develop and implement them. These will relate directly to the principal stages in the project plan and inform the assignment of tasks required to execute the plan.
Management framework
This stage addresses the critical ISO 27001 requirements relating to organisational context, scope and leadership, and ensures that the ISMS framework is aligned with and supports the delivery of business objectives.

All organisations have security controls in place to some degree. Ensuring early in the project that these existing controls meet the requirements of the relevant legislation, regulations and contracts can ensure an effective information security stance.
Risk management
This stage covers the development of a robust information security risk process and the identification of appropriate information security risk treatments and controls. The default approach is an asset-based risk assessment, unless specifically required otherwise, and results in the risk treatment plan and Statement of Applicability.
Implementation
The implementation phase addresses both management system processes and information security controls to make sure that the design of the ISMS and the operation of its processes are carried out in an appropriate manner.

Our consultant will work with the organisation to develop the necessary documentation based upon a consolidated workbook that forms the basis for the ISMS. The consultant will also help arrange access to online information security staff awareness training, which will ensure the organisation meets this specific requirement of the Standard.

This phase establishes the effectiveness of the ISMS based upon measurable parameters, including ISMS processes and security controls. Key areas include an internal ISMS audit and management review; the consultant will facilitate the first management review meeting if desired.
Certification audit
IT Governance will plan, conduct, report and follow up on the necessary internal audit before the certification audit. We also provide one day’s support during the stage 2 certification audit.
The outcome
The certification body, Brand Compliance, assessed Blendr.io to determine the organisation’s level of conformance to ISO 27001. This included evaluating the ISMS’s capability to ensure conformity to statutory, regulatory and contractual requirements, to identify potential opportunities for improvement, and to ensure that applicable controls had been implemented, based on a risk assessment, and the established information security objectives achieved. IT Governance helped Blendr.io create and review materials and pass its stage 1 audit. Blendr.io received its ISO 27001:2013 certificate in September 2020.

[Figure: Stage 1 / Stage 2]
The solution
IT Governance’s ISO 27001 FastTrack 20 consultancy is a fixed-price online consultancy package designed to help small organisations achieve ISO 27001 certification readiness in just three months.

It suits organisations that already have a basic level of cyber security in place and includes:
• An information security policy, and a project plan that clearly identifies the ISMS scope and objectives;
• A mandatory information security risk assessment;
• Development of all ISMS documentation, including the information security policy;
• Guidance on the required controls to be implemented based on the risk assessment outcomes;
• Fundamental security awareness training for staff;
• Facilitation of the first management review meeting;
• An internal ISMS audit before certification;
• One day’s support during the certification audit; and
• Support selecting the right accredited certification body.
Key features
• End-to-end support: You will be assigned a qualified consultant who will undertake all the key activities of setting up a working ISO 27001 ISMS that reflects your business objectives and requirements, and is suitably scaled to the size of your organisation.
• Fixed price: No extra costs, no surprises. We will help you implement an ISMS for a one-off fee.
• Guaranteed certification: If you do not achieve certification, we will meet any and all extra direct remedial costs necessary to ensure you pass your final certification audit.
Why choose IT Governance?
• Our ISO 27001 implementation methodology has been honed over 15 years.
• We are known as the global authority on ISO 27001 – our management team led the world’s first ISO 27001 certification project (formerly known as BS 7799).
• We offer everything you need to implement an ISO 27001-compliant ISMS – you don’t need to go anywhere else.
• We guarantee certification (provided you follow our advice!).
• You benefit from real-world practitioner expertise, not just academic knowledge.
• We have trained more than 7,000 professionals on ISO 27001 implementations and audits worldwide.
• We have helped more than 600 consultancy clients achieve certification to and compliance with ISO 27001.
• We have a proven and pragmatic approach to assessing compliance with international standards, no matter the size or nature of your organisation.
• Our pricing and proposals are completely transparent, so you won’t get any surprises.
• We can help small organisations prepare for ISO 27001 certification in three months.

IT Governance Europe is the one-stop shop for cyber security, cyber risk and privacy management solutions.
Contact us if you require consultancy, books, toolkits, training or software.