Leverage Lab’s ISO 27001 Readiness Program

Key Customer Facts

Leverage Lab
- Location: Kansas City, MO
- Size: Startup
- Industry: Technology
- Use case: ISO 27001 Certification
- Website: https://leveragelab.com/

Project Challenges

ISO 27001 is an international standard focused on managing information security within an organization. Leverage Lab wished to obtain an ISO 27001 certification to validate their information security program and provide customers with confidence that their data is secure. The ScaleSec team worked with Leverage Lab to implement the required processes, procedures, and technical controls to meet the ISO 27001 standard for their systems and applications using Google Cloud Platform (GCP).

Overview

Leverage Lab’s business has expanded rapidly over the past two years, and the company has begun interfacing with larger clients, including enterprise customers with strict vendor information security requirements. To satisfy these supply chain security requirements and provide an external attestation of security controls, Leverage Lab initiated a project to obtain an ISO 27001 certification for two of their customer-facing services built with a wide range of GCP services including BigQuery, Bigtable, Cloud Functions, and Compute Engine.

Insight

As information security has become increasingly important in today’s business landscape, Leverage Lab wanted to differentiate itself from its competitors by validating its information security program. Leverage Lab selected the ScaleSec team to perform a readiness engagement, which involved reviewing the current ISMS implementation and assisting in the remediation of areas within the ISMS to meet the ISO 27001 standard in preparation for the external audit.

Services provided

ScaleSec began the readiness engagement by performing an assessment to discover and prioritize gaps that exist between the current information security program and the ISO 27001 standard. The assessment involved interactions across all teams within Leverage Lab and focused on both the ISO 27001 clauses and Annex A controls.

Following the assessment, ScaleSec provided a prioritized roadmap of recommended tasks to remediate the identified findings. The ScaleSec and Leverage Lab teams worked collaboratively to remediate the findings, including authoring dozens of policies and procedures, implementing a risk management framework, building and testing the Business Continuity and Disaster Recovery plans, and performing an internal audit. Together the teams designed and configured cloud-native security services including Cloud Logging, Cloud Monitoring, and Security Command Center.

After completing the remediation activities, ScaleSec guided Leverage Lab through the ISO 27001 audit process, including auditor selection, scope definition, and audit preparation.

Customer Voice

“ScaleSec thoughtfully tailored our ISO 27001 program to our business, and built cloud-friendly controls we can manage with confidence. We enjoyed the collaboration, and are thrilled to have completed the audits without findings.”

Frederick Gyebi-Ababio, Director of Information Security

Results / Impact / Highlights

Following the two-stage ISO 27001 audit, the Leverage Lab team successfully obtained an ISO 27001 certification. The company was well prepared for the audit due to the effort put into the readiness engagement. As a result of the readiness engagement, the external auditors did not identify any non-conformities during the audit.

In addition to being a differentiator when marketing services, Leverage Lab’s ISO 27001 certification will also reduce the time spent during the procurement process. The externally validated certification will streamline answers to security questionnaires contained within requests for proposal (RFP) and requests for information (RFI), leading to faster customer acquisition and delivery.

Finally, both the Leverage Lab management team and security practitioners have increased confidence in their internal security processes, procedures, and overall security program after validating them in live exercises during the readiness engagement.


© 2022 ScaleSec. All rights reserved.