Situation
A privately held software company, providing a desktop tool for electronic or magnetic tax form filing, sought ISO 27001
certification to achieve market differentiation and to assure customers of its high security standards.
Strategy
Orange Parachute's two-step approach met the software company's objectives for self-directed implementation and certification.
A gap analysis and detailed project plan proposal provided the software company with a road map for success. Orange
Parachute consultants worked closely with client staff and presented workshops and training around
- international standards;
- the compliance certification process;
- data classification and handling;
- risk assessment/management; and
- security process development.
Results
Orange Parachute successfully equipped the software company with a documented plan, templates, tools and knowledge for confidently
implementing a certifiable information security management system.
- Management receives regular reports on information security and can readily access activity documentation.
- Staff holds outsourced service providers accountable through improved contract parameters, risk monitoring and service quality reviews.
- Internal business departments maintain more timely and clearly defined communication channels and responsibilities.
Orange Parachute continues to help bring the organization's ISMS to full maturity, and will facilitate the certification process for its core financial applications and processes.
Note: HotSkills, Inc. launched Orange Parachute in 2007. This case study may predate the Orange Parachute name and launch, but the work was completed by the same consultancy.