URM’s latest ISO 27001 case study involves James Hay Partnership (JHP), one of the UK’s leading platform providers in the retirement and wealth planning market. Unusually, the business driver behind seeking certification was not an explicit client request but a desire to build on existing controls and information security practices through greater centralised management.

The case study details the key stages that JHP went through in achieving certification against a scope that encompassed the whole organisation. These include the risk assessment, the rationalisation and prioritisation of policies and processes, and the development of a dedicated information security and cyber crime committee (ISCCC).

Jonathan Shehan, Information Security Manager at JHP, provides his thoughts on the key success criteria behind certification, notably the support and commitment of senior management, the introduction of an information security champion and the role played by URM. URM’s involvement was light-touch, providing direction and guidance, with significant input into the risk assessment activity, including the use of Abriska, our risk management tool.

The case study concludes with Jonathan Shehan discussing some of the benefits that have been derived from ISO 27001 certification, including an enhanced information security culture and greater formalisation of policies and processes. A key benefit created by the ISMS framework, the dedicated Information Security Manager role and the ISCCC is a more centralised and continuous focus on emerging threats, including cyber crimes.

For more details, download a full copy of the case study here.