
Mint Management Technologies: first South African company to be certified 27001 on home ground


Johannesburg, 25 May 2017
From left to right: Leo van Beek (Guideline Biztech - RUBiQ Sales Manager), Arik von Brandis (Guideline Biztech - RUBiQ Project Manager), Lauren Clark (Mint Technologies - HR Manager), Brian Henry (MD Caridon - RSA PECB Partner).

In a world where criminals can make millions by exploiting software to obtain sensitive information and a regulator has finally been appointed for POPI, thus driving renewed focus on risks pertaining to personal information, companies are becoming more and more aware that information security is not a novelty any longer; instead, it is an essential aspect of conducting business.

One such company looked into becoming certified with the ISO 27001 standard. When Lauren Clark from Mint Management Technologies discussed information security with her CEO, certification initially seemed easy. "I said: 'Well, why don't we just get the certification and then it's done?'"

Together with the IT manager, Clark drafted the necessary policies and found a specialist from India who could certify the company. When he arrived, however, he decided not to do an audit but instead to work with them as a consultant. He indicated they had merely scratched the surface, and there was much more work to be done before they could even think of being certified. "It was a big surprise to us exactly how intensive the documentation process was." After nearly six months of hard work, the company finally had a working system, one that continues to need regular maintenance.

At the time, Mint's system was contained in Excel sheets, but integration was not a real option. When the RUBiQ product and service had been described to Clark, she recognised immediately that it was the way of the future for maintaining the ISO 27001 system.

Nicky Downing from RUBiQ elaborated on this: "What they saw was an advantage in the RUBiQ platform. The tool took over the distribution of communication of the policies and procedures, reminded them of when the policies and procedures needed renewal or needed to be reviewed, and it gave them the ability to conduct their internal procedures in a more effective way."

A few months before the due date of their re-certification, RUBiQ informed Mint Management Technologies of a South African company, Caridon, which could undertake the audit. "The biggest draw-card was contextual understanding as well as accessibility and a cost reduction of more than 50%," Clark said about the company's decision to turn to Caridon for the audit. Caridon, a specialised group of consultants and auditors, came on board to begin the auditing process for ISO certification by PECB, an international certification body. This was a milestone for PECB as well, since Mint's certification was the first 27001 certification completed by the PECB in Africa.

With the RUBiQ software, Caridon was able to automate the processes that it would otherwise have had to do manually. "I have never seen anything that does quite what RUBiQ does or can do as a framework," said in an interview. He also noted how more and more companies are not interested in dealing with a company if they do not have certain ISO standards in place, and stressed how important it is for South African companies to bring in formalised structure to the areas where we, as a nation, have struggled in the past. Adopting international standards will ensure that South Africa will stay ahead in the game and Mint has noticed this is indeed true for itself.

When we asked Henry how he would recommend a company should undertake a similar ISO 27001 certification, he said: "Sit down with the experts, the ones who understand the certification standard, to implement the management system. There is a rite of passage here as well because you cannot be certified until you have carried out at least one internal audit, a management review of the management system against the standard, and then implemented a continuous improvement programme to ensure that it will improve over time. Until you have done all of this, there is no point in calling an auditor."

Downing explained where RUBiQ's system fits into this. She said it was built with an understanding of how to entrench the critical processes for compliance rapidly, and in that way, make conformance with the standard easier and streamlined.

When asked about the future, Clark said Mint Management Technologies would continue to work with Caridon and RUBiQ in order to remain an ISO 27001 certified company because of the trust this brings to the relationship it has with its clients. It also knows this gives the company an edge over the competition, because its system's security is validated. And when you realise that ISO compliance is completely integrated into the way it does business, and kept that way by the RUBiQ software, we can see the company will be ISO 27001 certified for years to come.


RUBiQ

Guideline BizTech is an innovative cloud technology company with a long-standing reputation of meeting and exceeding customer requirements. Guideline BizTech develops and supports the governance, risk and compliance (GRC) platform RUBiQ.
