Situation
The client is a major provider of global Virtual Data Rooms (VDR's) with a specific product line that they wanted to differentiate as it pertains to security and data privacy.

• ISO 27001 certification and registration would have major marketing benefits.
• There was significant market demand, and none of their competitors possessed the certification.

The Challenge
The information security department had good information security practices in existence, however, the challenge was formulating a scope around a business function in contrast to scoping specific information assets contained within an operational area such as a data center.

The Solution

• An Information Security Management System (ISMS) was created.
• Scope of registration was defined
• Risk Assessment was performed
• Risk based Standards and Proceses were defined
• Specifications and procedures were created
• Physical and logical operational controls were deployed
• Records were identified and gathered

The Result
The result of the project was:

• Certification and registration to the ISO 27001 information security management standard.
• Third party validation of their product.
• Ability to address and dominate a market niche.
• Global Award for "Best in VDR Technology CISO largely attributes this to their ISO 27001 certification.