Buddy

With more and more companies utilising the internet to share and spread information that may be confidential, it is crucial that data security and integrity are maintained.

Many companies have started requiring that services are ISO 27001 certified in order to ensure data confidentiality, integrity and availability. Buddy teamed up with STEP to get ISO certified to not only satisfy the request of potential clients but to also create an information security-centric infrastructure that is easily maintained.

One of Buddy’s concerns was figuring out how to do internal training to make sure that every employee was knowledgeable about the ISO 27001 Implementation.

Because Buddy is a small company in terms of human resources, STEP had to make sure that every minute spent with the client was maximized and utilised effectively.

STEP made certain that the management system put in place did not add to the company’s bureaucracy or complicate its processes.

STEP’s strategy involved numerous meetings with back-and-forth discussions about the procedures and rules that were already in place within the company.

To make sure Buddy is compliant with the standard, STEP assisted in the consolidation of policies, the information security manual, the statement of applicability, risk assessments, and related support procedures.

Buddy’s employees were informed of their responsibilities in relation to the standard, and STEP conducted an impartial Internal Audit and Management Review during which Buddy’s control efficacy was confirmed. This involved looking at the correct implementation of the controls.

A list of Opportunities for Improvement (OFIs) was produced as a result of the Internal Audit and Management Review, which Buddy would use to improve their Information Security Management System.

All of this served as a precursor to the Certification Audit that SMC conducted in November 2020.

Buddy and STEP have been working hard together to ensure that the culture of information security is maintained.