IT Governance Makes it Quick for Gemserv

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<strong>Ely, England &mdash; Oct. 29</strong><br />An energy market consultancy has achieved ISO 27001 certification from scratch in just 10 months with the help of IT Governance Limited. Gemserv, which advises on regulatory and governance issues in liberalizing energy markets, turned to ISO 27001 specialists IT Governance for strategic advice, training and coaching as it embarked upon its compliance project. After only 10 months, Gemserv passed its ISO 27001 audit without a single comment or qualification by the independent assessors.<br /><br />Gemserv called in IT Governance to advise it in late 2006. Gemserv routinely handles sensitive commercial and economic data on behalf of its clients, which include several sector regulators in the U.K. and Ireland, the Carbon Trust and the Institution of Mechanical Engineers. Having already achieved ISO 9001 certification in 2004, the company identified ISO 27001 as a natural way to enhance its reputation further. <br /><br />Gemserv&rsquo;s selection of IT Governance was partly due to a shared belief that the in-house team should take ownership of the compliance process.  IT Governance&rsquo;s approach is to facilitate a knowledge transfer to its clients, equipping them to deliver and maintain ISO 27001 compliance over the long term. <br /><br />IT Governance guided the company through several preparatory stages, including the appointment of a project board, selection of a project management methodology and training of the project team. All team members attended a one-day foundation course, which explained the purpose of the standard and the particular requirements of its risk assessment process. Project Manager Dinesh Sharma also undertook a more detailed three-day Masterclass, which covered the entire implementation process, including project scoping, risk assessments, documentation, management review and preparation for a successful certification audit. Sharma says, &ldquo;We were extremely pleased with the training, which managed to inform but not overwhelm us.&rdquo;<br /><br />IT Governance then devised a tailored five-stage road map to review the work of the project team at critical junctures in their work. Reviews took place following completion of the Information Security Policy, Project Scoping and Project Initiation documents; at the Risk Assessment and Risk Treatment stages; and again during an internal audit immediately prior to the two-stage independent assessment.<br /><br />Speaking about IT Governance&rsquo;s contribution, Sharma says, &ldquo;When you&rsquo;re in unfamiliar territory, it&rsquo;s good to have a guide. Bringing IT Governance in periodically struck the right balance for us, making us stand on our own feet but also ensuring we remained on track. It has been less costly than using a permanently assigned consultant, so we were able to progress our compliance project on a reasonable budget.&rdquo; <br /><br />Gemserv&rsquo;s CEO Nigel Bromley feels that achieving the ISO 27001 certification has brought important competitive benefits: &ldquo;We saw ISO 27001 as a way of proving that our information assets are secure. It is going to be an important tool to help us win more business. Being certified will increasingly become a prerequisite for tenders.&rdquo;<br /><br />&ldquo;Achieving ISO 27001 certification has allowed Gemserv to show that it is &lsquo;a safe pair of hands&rsquo; for data security and business continuity,&rdquo; says IT Governance consultant Steve Watkins, who managed the engagement and acted as &lsquo;project coach.&rsquo; &ldquo;It is also another demonstration of the company&rsquo;s commitment to best practice in all its work.&rdquo;<br /><br />Further information about IT Governance&rsquo;s consultancy services is available at<br />

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|