A printing and mailing company was asked to demonstrate the security of the organization as a whole in order to be an active finalist for contracts and attract new business. After researching the contract requirements, it was determined that meeting the ISO 27002 standard was the most appropriate security certification for this organization.
Miles Technologies, acting in an advisory role, recommended establishing a real-time guide to meeting the ISO 27002 standard rather than performing a more traditional gap analysis. Working with Miles Technologies, our customer began to assemble all of the components necessary to meet the standard including the necessary technology (software and IT infrastructure) as well as documentation, policies and procedures.
As our customer worked on creating the security strategy, Miles Technologies provided consultation and advice on both the technology and procedural aspects of this security initiative. As our customer received additional feedback, they were able to make better decisions in formulating their new policies and procedures.
The solution in this case was the development and implementation of the strategy that led to our customer achieving ISO 27002 compliance. Because most of the strategy was based on policy and procedure, Miles Technologies created complete documentation for executing the strategy while also developing documentation outlining the significance of their policies and procedures. This has proven to be a valuable tool for working with current and prospective customers. Both active and prospective customers working with our customer understand how the policies designed to achieve this standard play an essential role in protecting and securing their business-critical data.
In addition to developing a cybersecurity strategy, Miles Technologies also worked to improve procedures in other areas such as whole business disaster recovery, change management and change control. One of the recommended solutions for change management was NNT change tracker, some details of which are documented in a case study from NNT.
Meeting the ISO 27002 standards by creating and implementing new policies and procedures opened the doors for new business. The majority of their new RFPs are those that require full ISO 27002 compliance or, at minimum, several elements of the compliance standards. Working with Miles Technologies to meet the compliance standards has helped create a culture of putting security at the forefront of how our customer conducts business on a daily basis. Miles Technologies ensured they were able to secure their infrastructure in a way that balances security and usability.
Business Productivity: An Eye to the Future
Even though the ISO 27002 security standards were met, the process does not end there. Cybersecurity strategy is a constantly evolving process, and Miles Technologies will continue working with our customer to ensure they remain compliant and secure as their infrastructure and business needs change. This will be achieved by conducting a recurring gap analysis as well as continued research and development on the latest cybersecurity technologies, policies and procedures. Any security or compliance policy is a living process that needs to be continually evaluated so it can adapt and evolve along with the business.