IT Governance Helps dsicmm Group Win ISO27001 Certification
Information security and quality assurance are deeply ingrained within dsicmm's culture, particularly as the business counts many financial services organisations among its clients. Having already achieved BS7799 compliance in 2006, the company saw ISO27001 certification as a natural progression for its information security defences. As a complement to this, the business also wanted to achieve certification to APACS55, the specialist security standard for businesses undertaking cheque printing.
However, the Stage 1 independent audit conducted in May 2007 identified gaps between the requirements of ISO27001 and dsicmm's security regime as presented to the assessors. While the company passed this inspection, it decided that expert advice was needed to rectify the non-conformances and progress to full ISO27001 certification. Upon its appointment in July 2007, IT Governance helped dsicmm to compile the documentary proof that the auditors would require.
Steve Watkins of IT Governance says, "Although dsicmm already had many of the right measures in place, ISO27001 is very exacting in its demands and also sometimes difficult to interpret. We were able to advise the business on how the Standard applied to them and ensure that information for the audit was complete and correctly presented."
A crucial step to be undertaken by dsicmm was an asset-based Risk Assessment, which is a core requirement of ISO27001. IT Governance helped the business to perform this using vsRisk, a purpose-built ISO27001 Risk Assessment software tool developed by IT Governance and software house Top Solutions. It also advised on other documentation, including the development of an Internal Audit Plan and a prescribed format for Incident and Audit reports, as well as how best to integrate the requirements to achieve approval to APACS55.
Carol McCarthy, dsicmm's Head of Business Control, comments, "Our Stage 2 audit was far less nerve-racking than our first. We benefited hugely from IT Governance's advice and they effectively mapped out the route we needed to follow. If I were faced with doing the project all over again, the first thing I would do is get an expert consultant in to make sure we were tackling things in the right way. IT Governance immediately impressed us with their calm and reassuring approach."
Further information about IT Governance's consultancy services is available at http://www.itgovernance.co.uk/consulting.aspx.
Notes to editors:
IT Governance Ltd is the one-stop-shop for information books, tools, training and consultancy. It is an international authority on ISO27001 and has published a suite of authoritative compliance guides to the standard. IT Governance is 'non-geek': it approaches IT issues from a non-technology background and talks to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
Author Information
MARC CORNELIUS
80:20PR