Case Study

Cybersecurity Audit Case Study

Audit Answers cuts out redundant activities used by other audit preparation firms and delivers a documented security program in record time

Intro

How we got our client ISO 27001 certified in 60 days

This case study highlights the importance of risk assessment and documentation in the cybersecurity audit process. It also demonstrates how quickly certification can be obtained when you have a plan in place. ISO 27001 is a globally recognized standard for information security management. It provides a framework for organizations to establish an effective security program. Certification to ISO 27001 demonstrates that an organization has put in place the necessary people, processes and technology to protect its data and assets. The benefits of ISO 27001 certification include: improved security posture, reduced risk of cyber attacks, and most importantly, increased credibility with customers and partners.

Details

Rapid process documentation

Challenge

After being acquired by a large law firm, our client required a cybersecurity audit certification, but was struggling to get everything in order. They didn’t know where to start, what was required, or how to go about the process. To add pressure, the client’s new parent company had given them a year and a half to prepare, but the client waited until the last minute to decide that they needed outside help. As a legal technology firm, our client deals with extremely sensitive and privileged data. We needed to ensure that the cybersecurity auditors would be happy with the information security management practices put in place. During the process we lost about 4 weeks due to the Thanksgiving, Christmas and New Year's holidays.

Solution

We started with a CIS RAM risk assessment in order to get an understanding of their current security posture. This allowed us to quickly identify any gaps in the people, processes, or technology used to manage information security risk. We then documented the current processes and procedures used to protect the information in their systems. This data was entered into an open source governance, risk and compliance (GRC) tool. With the information neatly organized in this system, we were able to:

  • Develop an actionable road map
  • Track and drive progress
  • Clearly demonstrate compliance to auditors

And sure enough, in just 90 days, our client was successfully certified.

 

Audit Prep Duration

3 Months

Certification status

Granted

Controls Implemented

114

Testimonial

“Thank you so much! Our audit has finished and we have achieved certification.”

Director, Information Technology
