The first company to be certified to the 2022 version of ISO/IEC 27001
We are just a little bit excited about our certification body (GCC) confirming that we are the first company to be ISO/IEC 27001 certified to the new 2022 version of the standard (by a certification body accredited by JASANZ that is but possibly also anywhere in the world). Pretty cool heh?
Keep reading though if you want to learn HOW we made this possible in just a matter of weeks since the standard was released - 6 secret weapons.
Our 'secret' weapons allow us to move so fast
1. A world-class team
First and foremost, we are grateful to have such a strong team working behind the scenes to ensure our cyber security program and our compliance remains best in class. Specifically, warm congratulations to the team led by Shirin Jacobs along with Andrew Robinson (our CISO), Aatish Sharma and many others from our engineering and operations teams who contribute to our security every day.
2. Making the audit process really easy
GCC is a certification body headquartered in Australia, with global operations and accredited by JASANZ. Our auditor was Nazia Mastali. Nazia has worked for several major Australian cyber security consultancies. GCC and Nazia have learnt what we do, but the process remains the same. What makes it easier for them and us though is that our ISMS is structured and easy to access at it is of course - powered by 6clicks.
3. Identifying the gaps with the help of Hailey AI
There's been plenty written about the changes from the 2013 version of the standard to the 2022 version. In fact, check out this article we published recently on the topic. We were able to take advantage of our Hailey AI to map our own policies/controls to the new version, look for gaps and close them out one by one by enhancing our security policies, procedures and technologies.
4. Our ISMS eats standards for breakfast
6clicks has been able to extend its ISMS to address the 2022 version because we have a well running ISMS that includes policies and procedures, and technologies. Our technology for Governance, Risk and Compliance (GRC) is our own 6clicks platform and its also home to our information assets, risks, and assessments including our Statement of Applicability. Reusing our methodology allowed us to focus on the new or updated controls.
5. Focusing on going above and beyond
There are 11 new controls introduced in the 2022 version (in addition to some small but important changes to the mandatory requirements found throughout sections 5 through to 10). Turns out, they we were already operating the vast majority of the controls. Taking care of compliance with our ISMS gives us the room to breathe and think about nascent threats, vulnerabilities and mitigations that go above and beyond the standard.
6. Building trust better
Every single day the security team responds to questions from prospective customers as well as existing customers. We're able to leverage our compliance to the latest ISO/IEC 27001 standard, and compliance to other standards, to demonstrate that we have suitable measures in place. We're able to lead from the front, build trust and rapidly expand our business as a result.
If you'd like more information including access to the full audit report and ISO/IEC 27001:2022 Annex A Statement of Applicability, please contact your 6clicks account manager in the first instance.