We drank our own Kool-Aid. ISO certification achieved!
We’re speaking from experience when we report that getting ISO 27001 certified is no mean feat!
With key government agencies adding non-negotiable terms and conditions around meeting GDPR, ISO 27001:2013, and Australian/New Zealand Privacy Act requirements, we needed to be sure we could uphold the same standards we promote to our customers.
Our reliance on a massive number of manual processes meant we’d struggled in our earlier attempts to achieve ISO 27001. So we decided enough was enough. Yes, it was a ‘drink our own Kool-Aid’ moment.
ISO or bust
In order to tick the ISO box, we decided to bring together our tools and systems into a single control framework.
“As a Platinum Ivanti Partner, we were already off to a strong start”, says Ed Zarzour, Fusion5 CTO. “The Ivanti Enterprise License Agreement (ELA) provided us with a cost-effective approach to bring together the necessary InfoSec framework with the visibility and reporting we needed to get the job done effectively, and quickly. We looked at the most critical problem inhibiting us, which was our unreliable view of our IT assets. So that was the first stage of the project.
“We deployed Ivanti Endpoint Manager to automatically discover our hardware and software assets and Ivanti Xtraction for real-time dashboards to monitor our inventory. Once our assets were under control,” Zarzour said, “we knew what we needed to secure. For employee devices, we used Endpoint Manager for patching, and for our Azure landscape, we implemented Ivanti Security Controls for agentless patching of our virtual servers.
“Then came Ivanti Automation and Ivanti Cloud, which closed the loop on our proactive problem management capabilities and our ability to support and secure the devices of our distributed workforce. This was a key part of our business continuity plan and served us well when responding to the demands of the COVID-19 pandemic.”
He added, “We’re now implementing Ivanti Application Control and Privilege Management to fortify our security posture and minimise our operational risk even further. The deep auditing capabilities in this technology provide constant feedback into our continuous improvement plan.”
We’re pleased to report that we have significantly reduced our compliance, software, and hardware audit times. A compliance audit used to take us up to seven days to complete. Now, we can do it in a day and a half. All the information we need to serve our audit requests is available in a single dashboard coming from a single change-management platform. So we can prepare for the audit and act on any anomalies quickly.
Accounting for hardware assets across our nine offices and multiple Azure landscapes used to be extremely labour-intensive and impacted the resourcing of our customer projects during audit times. These days, it takes one person no longer than two hours.
Our visibility into our software assets through Ivanti Cloud has reduced the time needed to investigate any question an auditor has to a few seconds. The built-in reclamation Smart Advisor in Ivanti Cloud monitors unused licensable software. It quickly identifies rarely used software so those licenses can be recovered, and identifies any upgrade paths that may be beneficial.
Gaining these time efficiencies has translated directly into cost savings through tool consolidation and freeing up resources to focus on high-value work.
And overall? We’ve achieved a 70% reduction in audit cost through consolidation and automation and improved our security posture by speeding up patching and reducing the attack window.
And yes, we’re also happily ISO 27001 certified.