ISO in the Spotlight - Rachael Blakely
Written by: David Henderson on Jan 31, 2024
Our latest ISO In the Spotlight is Rachael Blakely, Office and Operations Manager at Belfast-based AuditComply.
We sat down with Rachael to chat about her role as ISO at AuditComply and to ask her about some of the challenges she sees when it comes to implementing and maintaining ISO27001.
When introducing a brand new standard to the company it’s kind of hard to know where to begin! Fortunately, Vertical Structure was able to guide us every step of the way. There is quite a bit of learning involved and also trying to figure out how you will be able to work the standard into your day-to-day processes. Fortunately, a lot of the building blocks are there but you really will need complete buy-in from your team to make it work. Start at the top and hopefully, everyone else will follow suit! From the start, explain the importance of implementing the standard and the benefits of certification for all departments and all people within the company and then make sure you inform the team at every stage of implementation: the successes and the failures. This way it becomes a team effort and not just the ISO's responsibility.
I think there is still quite a lot of naivety around AI and cyber security. I think we are going to see an increasing threat from that angle in the coming months!
I’m in a fortunate position that AuditComply is a risk management platform so I was able to utilise our own tool to manage our risks. From the initial risks we mapped out in the audit preparation process I was able to build my risk library and then, to offset that, the control library, and over time have built on those foundations. From my risks and controls I can schedule out all my compliance activities (internal audits, management reviews etc.), tasks and other relevant assessments to manage our risks.
This helps me monitor my risks through the success of the controls in place and make amendments where necessary.
Using the analytics function on the platform I can also monitor my risks, making sure they are within my appetite range, and see how they have performed throughout the year: whether the risk has decreased from its inherent scoring or, if it has increased, make changes to my controls to better control the risk.
Patience is definitely an essential quality; be patient with the process and with the team, it's a learning experience for everyone! Organisation is key:
If you can schedule out your compliance activities on a monthly basis you can cover all the requirements of the standard in good time and it makes it all seem less overwhelming.
I think it's important to regularly review all of your IS incidents and events so you can recognise trends directly affecting your business. For us, phishing attempts have become more and more predominant. It's usually in response to posts about the business or colleagues on our LinkedIn pages. When we announce a new team member we find they are usually inundated with requests from the ‘CEO’.
Incidents like this really make us value the importance of cyber training and also building a healthy cyber awareness culture within the org, from day 1!
Try and educate yourself as much as possible (and time allows) with webinars, YouTube, articles online and sign up to any relevant newsletters. There are so many great free resources out there!
As the landscape of IS is always changing and evolving, this will keep you in the loop.