Case Study
ISO 27001 Certification at Mind

What is ISO 27001?
ISO 27001 is an international standard for Information Security Management and provides a framework of good practice, including:
- Risk management
- Risk-based decision making
- Proportionate controls
- A checklist of good practice
Why Mind chose ISO 27001
Charities are increasingly reliant on data and technology to deliver their missions. It is important that all staff are aware of their Information Security responsibilities and not just the IT teams.
The ISO 27001 standard provides a management process for ensuring information is managed securely across Mind and is audited by an external certification body, which provides assurance to boards, trustees and beneficiaries.
“Thanks to Smartdesc, Mind are now ISO 27001 certified. What we thought would be a very complex and resource-intensive process was not at all. Smartdesc not only drove the work forward but created and implemented the necessary documentation and processes. Our staff were called on only when required, with a focus on training and awareness, ensuring the information security management system was properly embedded and we could operate it with ease. This has given us great confidence in our risk management going forward.”
Phil Walsh, Head of Finance - Mind
How Smartdesc helped Mind achieve ISO 27001
Mind opted for Smartdesc’s Information Security Management service, which provides them with a dedicated and experienced Information Security specialist three days a week.
The specialist guided Mind through every stage of the process including:
- Creating a Risk Assessment process and engaging with risk owners
- Working with risk owners to build and deliver risk treatment plans
- Auditing Mind against the 93 controls included in the standard and working with teams to deliver the required remediation
- Building and delivering Cyber and ISO 27001 awareness training
- Providing specialist Information Security advice to teams as and when needed
- Creating the custom paperwork, policies and processes required by the standard
- Preparing teams for external audit
- Being the Mind lead during the external audit process
What this certification means for Mind
Mind prioritised embedding the processes and controls thoroughly, which meant the project took 12 months from start to certification. This has resulted in:
- A prestigious certification in information security, demonstrating Mind’s commitment to cyber security best practice
- Assurance to the board, trustees, partners and regulators that Mind manages Information Security well
- Great confidence that effective processes are in place and that risk can be managed more easily going forward, with Information Security projects prioritised by risk
- Greater awareness across Mind that Information Security is everyone’s responsibility
- An internationally recognised framework for delivering best practice
- Management processes and checks that provide continual improvement