How ISO27001 Enables Future Growth for Data Quality Leader Datactics
Background
Datactics is a leader in data quality, blending innovation, creativity and engineering to build and deliver world-class software products to businesses globally. Their platform, complemented by AI technology, enables their customers to make sense of complex data sets, fast.
Having identified ISO27001 as a key enabler for future growth, their team engaged Vertical Structure with the task of guiding them to a successful, first-time certification.
Why Datactics Chose Vertical Structure
Datactics was an existing customer: Vertical Structure had previously worked with them on numerous projects, including the security testing of their software products. With Datactics having experienced first-hand the level of service provided by the Vertical Structure team, and with that team having guided countless other organisations in achieving certification, Vertical Structure was the obvious choice according to Dave Brown, Head of Security and DevOps.
Dave Brown (Head of Security and DevOps, Datactics): When I joined Datactics in 2019 one of the first documents I was given was a security posture test that had been conducted by Vertical Structure. It was clear to see from that document that VS understood security and what was expected from companies such as our own. As we have continued to grow our security landscape since that first report we have worked with VS a number of times on projects such as Threat Modelling training and Penetration Testing for our AI microservices. When it came time to pick a consulting partner for our ISO certification VS was the obvious choice for me as a trusted partner.
The Process
Maximising value is a key delivery objective in our service offerings, including ISO27001. Uniquely, certification to this standard yields much more than a certificate at the end of the process. There are numerous positive organisational and cultural benefits that emerge as a result.
To bring out these benefits and facilitate a smooth certification, our security consultants are embedded within our client’s organisation throughout the entire journey. Working in such proximity with key stakeholders allows our team to fully understand the organisation’s needs and help to navigate the unique challenges that differ from organisation to organisation. The result - a tailored implementation plan that addresses the organisation’s unique security needs.
For Datactics, this meant working closely with Cyber and Information Cyber Security Consultant Tom Shields. Having guided countless technology firms to successful certifications to ISO27001, Tom was a perfect fit to guide Dave and his team through the various phases of certification:
Gap Analysis
Identifying the ‘gaps’ between an organisation's current security practices and the ISO 27001 standard.
Risk Assessment
Identifying, analysing, and evaluating threats to an organisation's information security. This includes the assessment and impact of risks and prioritising these so appropriate controls can be implemented.
Policy Development
Creating documented policies and procedures that define how an organisation manages information security.
Training and Awareness
Educating employees on security policies and best practices, ensuring they understand their roles, are aware of risks, and know how to respond to incidents, fostering a security-conscious culture.
Implementation
Formalisation of the Information Security Management System (ISMS). The ISMS includes guidance on establishing policies, controls, and risk management to ensure effective integration and compliance with ISO27001 requirements.
Internal Audit
An internal review to ensure the organisation's ISMS meets the standard's requirements. It identifies gaps or non-compliance areas, allowing issues to be resolved before the formal certification audit.
Final Audit
The final audit conducted by an external auditor.
From the outset, Datactics demonstrated a considerable level of preparedness through existing internal documentation, processes and policies – much of which was later formalised into their Information Security Management System (ISMS).
When conducting an initial assessment of an organisation's information security, being presented with organically developed policies created by a team who understand their importance is a positive signal and a key factor in moving them through the certification process efficiently. These are signals that Datactics demonstrated consistently throughout the process.
Additionally, when it came to roles and responsibilities, there were many cases of adoption over delegation - another key ingredient of a culture fitting for a successful ISO certification, says Tom Shields:
Tom Shields (Senior Cyber Security Consultant, Vertical Structure): It was obvious from day one that Datactics was well prepared for certification. With existing documentation, policies and procedures combined with a little guidance and formation of an ISMS, the team were well along into the journey to become certified. It’s refreshing to work with teams like this who foster security cultures organically, who understand the need for policies, and who work to get them implemented.
Results
As expected, the certification process yielded immediate results for Datactics. The plan, implemented by Tom and executed perfectly by their team, delivered each of their key objectives and a first-time pass.
Additionally, the journey in becoming certified had a much deeper, wider impact on fostering a security-conscious culture within the business. Some of these impacts included:
- Organisation-wide security awareness
- Adoption of security by design methodologies
- Workforce buy-in
Victoria Wallace, Senior DevOps & Security Specialist, stated:
Victoria Wallace (Senior DevOps & Security Specialist, Datactics): Security is at the heart of everything that Datactics does and achieving ISO 27001:2022 certification is a testament to the team’s unwavering commitment in this technical field. Showcasing the extensive work that went into this prestigious achievement proves that dedication and determination can lead to significant success, both within Datactics and across our client ecosystem.
About Datactics
Datactics, a Belfast-based technology vendor, specialises in data quality and matching software, augmented with AI and ML. The company provides robust solutions and professional services in highly regulated industries including global Tier 1 banks and Government agencies, driving better quality data for regulatory compliance, delivering single customer/citizen view, and improving business intelligence and analytics. The firm provides a no-code/low-code solution designed to eliminate roadblocks common in data management, where users are not required to have technical or software programming skills to use the platform.