IT Governance Helps dsicmm Group Win

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<p><strong>Ely, England &mdash; Dec. 21</strong><br />One of the U.K.&rsquo;s largest independent direct communications group has achieved ISO27001 certification with the help of IT Governance Limited. dsicmm Group, which serves more than 90 FTSE 100 companies, called in the consultancy to help it prepare for its Stage 2 ISO27001 audit after certain nonconformances were highlighted during its Stage 1 assessment. With the help of IT Governance, dsicmm was able to quickly address these issues and received its ISO27001 certification this month, after just two months of preparation. <br /><br />Information security and quality assurance are deeply ingrained within dsicmm&rsquo;s culture, particularly as the business counts many financial services organizations among its clients. Having already achieved BS7799 compliance in 2006, the company saw ISO27001 certification as a natural progression for its information security defenses. As a complement to this, the business also wanted to achieve certification to APACS55, the specialist security standard for businesses undertaking check printing.<br /><br />However, the Stage 1 independent audit conducted in May 2007 identified gaps between the requirements of ISO27001 and dsicmm&rsquo;s security regime as presented to the assessors. While the company passed this inspection, it decided that expert advice was needed to rectify the nonconformances and progress to full ISO27001 certification. Upon its appointment in July 2007, IT Governance helped dsicmm to compile the documentary proof that the auditors would require. <br /><br />Steve Watkins of IT Governance says, &ldquo;Although dsicmm already had many of the right measures in place, ISO27001 is very exacting in its demands and also sometimes difficult to interpret. We were able to advise the business on how the standard applied to them and ensure that information for the audit was complete and correctly presented.&rdquo;  <br /><br />A crucial step to be undertaken by dsicmm was an asset-based Risk Assessment, which is a core requirement of ISO27001. IT Governance helped the business to perform this using vsRisk, a purpose-built ISO27001 Risk Assessment software tool developed by IT Governance and software house Top Solutions. It also advised on other documentation, including the development of an Internal Audit Plan and a prescribed format for Incident and Audit reports, as well as how best to integrate the requirements to achieve approval to APACS55.<br /><br />Carol McCarthy, dsicmm&rsquo;s head of business control, comments, &ldquo;Our Stage 2 audit was far less nerve-racking than our first. We benefited hugely from IT Governance&rsquo;s advice, and they effectively mapped out the route we needed to follow. If I were faced with doing the project all over again, the first thing I would do is get an expert consultant in to make sure we were tackling things in the right way. IT Governance immediately impressed us with their calm and reassuring approach.&rdquo;<br /><br />Further information about IT Governance&rsquo;s consultancy services is available at </p>

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|