Situation
The information security department for a U.S. regulatory body, responsible for implementing monetary policy and regulating financial
institutions, wanted third-party validation of its services. The department already held ISO 9001 quality certification, making
BS7799 security certification a perfect complement.
Strategy
Orange Parachute added value to an already mature department by documenting and defining the national project's scope. The process
contextualized department functions and clarified individual accountabilities. Orange Parachute matched existing practices to
BS7799 certification requirements in a Statement of Applicability to facilitate a smooth certification and registration process.
Results
Orange Parachute successfully implemented a standards-based ISO 27002 (formerly known as ISO 17799) Information Security Management
System, resulting in the department's certification and registration to BS7799:2. In addition, Orange Parachute successfully
validated the information security department’s practices and assisted in upgrading certification to ISO 27002.
Note: HotSkills, Inc. launched Orange Parachute in 2007. This case study may predate the Orange Parachute name and launch, but the work was completed by the same consultancy.
