ISO 27001 is an international standard focused on managing information security within an organization. Leverage Lab wished to obtain an ISO 27001 certification to validate their information security program and provide customers with confidence that their data is secure. The ScaleSec team worked with Leverage Lab to implement the required processes, procedures, and technical controls to meet the ISO 27001 standard for their systems and applications using Google Cloud Platform (GCP).
Leverage Lab’s business has expanded rapidly over the past two years and they have begun interfacing with larger clients, including enterprise customers with strict vendor information security requirements. To satisfy these supply chain security requirements and provide an external attestation of security controls, Leverage Lab instantiated a project to obtain an ISO 27001 certification for two of their customer-facing services built with a wide range of GCP services including BigQuery, BigTable, Cloud Functions, and Compute Engine.
As information security has become increasingly important in today’s business landscape, Leverage Lab wanted to differentiate itself from its competitors by validating its information security program. Leverage Lab selected the ScaleSec team to perform a readiness engagement, which involved reviewing the current ISMS implementation and assisting in the remediation of areas within the ISMS to meet the ISO 27001 standard in preparation for the external audit.
ScaleSec began the readiness engagement by performing an assessment to discover and prioritize gaps that exist between the current information security program and the ISO 27001 standard. The assessment involved interactions across all teams within Leverage Lab and focused on both the ISO 27001 clauses and Annex A controls.
ScaleSec provided a prioritized roadmap of recommended tasks that remediate the identified findings following the assessment. The ScaleSec and Leverage Lab teams worked collaboratively to remediate the findings, including authoring dozens of policies and procedures, implementing a risk management framework, building and testing the Business Continuity and Disaster Recovery plans, and performing an internal audit. Together the teams designed and configured cloud native security services including Cloud Logging, Cloud Monitoring, and Security Command Center.
After completing the remediation activities, ScaleSec guided Leverage Lab through the ISO 27001 audit process, including auditor selection, scope definition, and audit preparation.
ScaleSec thoughtfully tailored our ISO 27001 program to our business, and built cloud-friendly controls we can manage with confidence. We enjoyed the collaboration, and are thrilled to have completed the audits without findings. Frederick Gyebi-Ababio, Director of Information Security
Results / Impact / Highlights
Following the two-stage ISO 27001 audit, the Leverage Lab team successfully obtained an ISO 27001 certification. The company was well prepared for the audit due to the effort put into the readiness engagement. As a result of the readiness engagement, the external auditors did not identify any non-conformities during the audit.
In addition to being a differentiator when marketing services, Leverage Lab’s ISO 27001 certification will also reduce the time spent during the procurement process. The externally validated certification will streamline answers to security questionnaires contained within requests for proposal (RFP) and requests for information (RFI), leading to faster customer acquisition and delivery.
Finally, both the Leverage Lab management team and security practitioners have increased confidence in their internal security processes, procedures, and overall security program after validating them during live exercises during the readiness engagement.