Susteco needed ISO 27001 certification to meet customer demands while facing several obstacles:
Balancing adherence to the parent company's corporate requirements with the independence needed for a planned carve-out.
Meeting a tight contractual deadline.
Navigating significant mid-project changes in both scope and project leadership.
Translating compliance established against an older edition of ISO 27001 to the current edition of the standard.
Managing the large number of parent company documents referenced by the information security management system (ISMS).
"Major findings: 0; Minor findings: 0; Recommendations (OFI): 3. You must have done something right!"
We implemented a strategic approach that delivered results:
Strategic Policy Adaptation - Carefully dissected the parent company's extensive policies and mapped them to the requirements of the current ISO 27001 edition
Pragmatic Document Management - Made the critical decision to reference the parent company's documents from the ISMS rather than copying them into it, significantly reducing the effort of keeping the ISMS current as those documents change; referenced documents of external origin still have to be identified and kept under document control, as ISO 27001 clause 7.5 requires, so each reference was recorded with its owner and version
Rigorous Validation Process - Created interconnected mapping tables linking each ISO 27001 requirement to the policy or document that satisfies it, so that coverage could be checked for gaps, with independent cross-verification of the mappings
Clear Stakeholder Communication - Engaged leadership proactively with transparent progress reporting, and briefed the external auditor early to gain buy-in for the unorthodox reference-based approach before the audit
Successfully achieved ISO 27001 certification on time and within budget.
Met contractual obligations for key customers.
Established an independent security framework aligned with the parent company's requirements.
Enhanced customer trust through demonstrated security commitment.
Our experience in navigating complex organizational structures while meeting strict compliance deadlines shows our ability to deliver practical solutions to challenging certification projects. By making deliberate trade-offs and maintaining clear communication with all stakeholders, we turned a potentially overwhelming compliance project into a structured, achievable process.
For the full case study, contact us at sales@bare-consult.nl.