Situation
The Networking and Information Security divisions of a leading, Midwest-based financial services company wanted to become the first
financial services organization to achieve ISO 27001 certification. In addition, the company needed to accelerate its information
security program maturity while maintaining flexibility to enhance compliance with changing laws and regulations and improve
communication with internal and external parties.
Strategy
Orange Parachute consultants led a four-step process to develop an enterprise-wide security program based on ISO 27002 standards
(formerly known as ISO 17799). The organization selected its primary data center to put the new ISMS to the test by participating
in ISO 27001 certification.
- Assessment: Orange Parachute evaluated current security program elements. The resulting Information Security Roadmap guided the team in filling control gaps and revising or updating existing processes and documentation.
- Design and Development: The Orange Parachute security program was designed to facilitate empowerment at appropriate levels throughout the organization. The new information security framework included a charter, standards and requirements, and an updated policy.
- Implementation: While implementation focused on the organization's primary data center, Orange Parachute's innovative methodologies created a ripple effect throughout the organization. Renewed awareness and better understanding of information security helped other departments evaluate and address their security risks.
- Certification: The client's primary data center achieved ISO 27001 certification.
Results
Orange Parachute delivered the expertise and experience to select, define and implement a measurable, yet flexible, ISMS
in just over 12 months. In addition to achieving certification, the client now:
- Preserves ongoing documentation of its legal and regulatory compliance;
- Sustains clearly defined internal and external communication channels;
- Enforces appropriate empowerment and span of control with informed oversight; and
- Demonstrates continuous program improvement and flexibility.
Note: HotSkills, Inc. launched Orange Parachute in 2007. This case study may predate the Orange Parachute name and launch, but the work was completed by the same consultancy.
