ISO 27001 For Marketing-Tech Startup

Zappit is a marketing technology firm that offers a suite of innovative solutions for coupon and cashback based marketing and customer care. Zappit helps its customers optimise their marketing campaigns, increase their conversions, and grow their revenue.

As a marketing technology firm, Zappit collects and processes large amounts of data from its customers and their end-users including GDPR protected personal information. Zappit respects the privacy and security of this data and wanted to ensure it is was protected and secure at all times and this protection had been independently verified.

Therefore, Zappit decided to pursue ISO 27001 certification to enhance its information security capabilities and to demonstrate its compliance with the data protection laws and regulations. Zappit also wanted to achieve ISO 27001 certification to differentiate itself from its competitors and to attract more customers who value data security and privacy.

However, Zappit faced some challenges in achieving ISO 27001 certification. First, Zappit had an agile and dynamic IT environment and its internal team was already working flat out to deliver the innovative solutions promised to their clients. Second, Zappit’s clients, often tier 1 global brands, were increasingly asking for independent verification of their platform's security. Third, Zappit had a diverse and distributed workforce, with employees working from different locations and countries.

That's why Zappit turned to Cool Waters Cyber for help to provide day to day managed cyber security and to gain ISO 27001 certification. Cool Waters Cyber assigned a dedicated project manager and ISO 27001 expert to work with Zappit on the certification project and cyber security experts to be Zappit’s cyber security team including a Chief Information Security Officer (CISO) to lead Zappit’s security strategy. Cool Waters Cyber conducted a comprehensive risk assessment to identify the potential threats and vulnerabilities that Zappit faced in its IT environment and its business processes. Cool Waters Cyber then developed a project plan and a roadmap to implement the necessary controls, policies, and procedures to mitigate the risks and to meet the ISO 27001 standard. Cool Waters Cyber also provided training and awareness sessions to Zappit's staff to ensure they understood their roles and responsibilities in the information security management system. Cool Waters Cyber conducted regular reviews and tests to monitor the progress and effectiveness of the project. Finally, Cool Waters Cyber prepared Zappit for the audit by a UKAS accredited certification body and supported them throughout the audit process.

As a result of Cool Waters Cyber's compliance-as-a-service, Zappit achieved ISO 27001 certification within nine months, with no non-conformities or issues and have just passed their second annual surveillance audit – again with no non-conformities or issues being discovered. Zappit was able to demonstrate to its customers and stakeholders that it had implemented a robust and reliable information security management system that met the international best practices. Zappit also gained the following benefits from ISO 27001 certification:

·      Enhanced reputation and trust among its customers and partners

·      Increased customer satisfaction and loyalty

·      Reduced risk of data breaches and cyber attacks

·      Reduced cost of sale and supplier due diligence

·      Compliance with relevant laws and regulations

·      Access to new markets and opportunities

Zappit's CEO, Mark Fraser, said: "We are very happy with the outcome of the ISO 27001 certification project and working with the team at Cool Waters Cyber. They do an outstanding job of managing our day-to-day cyber security and compliance – leaving my team free to focus on delivering our projects and platform innovations. Cool Waters Cyber were professional, responsive, and flexible throughout the project, and they delivered the project on time and on budget. I’d recommend Cool Waters Cyber to anyone looking for a cyber security partner to help them achieve ISO 27001 certification or provide an outsource managed cyber security team."