Strategic Information Security: Driving ISO 27001 Adoption to Elevate Enterprise Risk Management

As an international company that manages and mines “Big Data” for a manufacturing vertical, this company needed to get certified quickly with a superior risk management approach shortly after acquisition.

Challenge

The company had a mature information security program but was pursuing ISO 27001 certification at the request of their clients.

After being acquired by a larger organization, the security team quickly discovered that the information security program of the acquiring organization was deficient in multiple areas. 

The need to implement an ISO 27001-compliant information security management system (ISMS) soon became apparent.

Solution

JBW Group International implemented a tailored solution for the client, leveraging aspects of their existing security program that were in compliance with the standard and quickly addressing identified gaps, particularly around risk management. The greater transparency into information security afforded by the ISMS implementation enhanced their already mature governance model. The changes in information security risk management and the increased effectiveness it provided was used as a model to drive enterprise risk management for the entire organization.

Results

Achieved ISO 27001 certification in just eleven months with rapid and efficient implementation of the ISMS.

Enhanced transparency in information security, bolstering the organization's mature governance model.

Approval from executive leadership for enterprise-wide implementation of the ISO 27001 framework based on demonstrated success.

Promotion of the Vice President for Information Security to Chief Security Officer for the enterprise
upon recognition of success.

Download pdf