CASE STUDIES

ISO27001 Consultation Case
A multinational financial institute with head office in Hong Kong, providing professional financial services worldwide.

Size: 200+ Employees
Services: ISO27001 Certification Consultation Services
Challenge: Set up an information security management system, including documentation and implementation, in preparation for ISO27001 certification. Lead the client’s management to participate in the improvement cycle.
Results: Establish ISMS manual, policies, procedures and guidelines for the ISO27001 security framework and system structure. Provide technical recommendations for improvement and a corrective action plan.
Follow-up: Diminish existing information security holes. Review policies, procedures and guidelines for improvement. Provide practical advice and progress monitoring to related functions for implementing new information security methods and tools as suggested.

Challenge
In this case, our client is a multinational finance house with over 200 employees distributed worldwide. As a global financial institute, our client runs several real-time trading systems worldwide at any one time. Our mission is to set up our client’s security management framework and information security level, based on the ISO27001 standard, to reduce information security risks. At the same time, we will provide our technical recommendations to our client and lead them to obtain the ISO27001 certification and, more importantly, a continual improvement model for their information security.

Results
Through interviews with our client’s management team, our audit team designed a set of manuals as the information security management system. The manual was amended and issued along with a set of policies, procedures and guidelines based on the ISO27001 standard for our client in different areas to reduce security risks.

Our audit team also performed onsite checks for the implementation part of the audit, aiming not only to prepare our client’s environment technically, but also to provide solid experience for our client in facing certification body auditors during the real certification trial. At the end of the day, our client successfully passed all stages of the ISO 27001 certification on the first trial, and was recommended by BSI Hong Kong to be granted the ISO 27001 certification.

Deliverables:
  • Information Security Management System design, setup, implementation and manual.
  • Policies, procedures and guidelines relating to ISO27001 standard.
  • Technical recommendations for system and framework improvement.
  • Practical experiences in facing ISO auditors during the qualification.

Follow-Up
With ISO27001, the aim is always continual improvement. After the assessment, a list of suggestions is made by the certification body. Practical advice is given to our client, and thereafter our team continues to work with our client to monitor the progress of each suggestion and ensure they are completed prior to the next audit.

Impacts
With the implementation of the ISMS, our client has successfully started an improvement cycle on their information security. With our practical advice on technical implementations and our knowledge of industrial standards, our client was able to achieve a high standard of information security within their field. With our help on the certification of ISO27001, our client’s business grew with confidence.

     