A 27001:2022 transition case study

Image demonstrating transition from 27001:2013 to the 2022 version.
Case study News

November 22nd, 2023

|

3 min read.

Background

Inventory Hive is beautifully easy property inventory software, provided as Software as a Service. They have operated an ISO 27001:2013 compliant ISMS for the last 3 years, and with their recertification looming, they decided that now would be a good time to transition to the new (2022) version of the Standard.

Our engagement

ADL were introduced to Inventory Hive through another happy client of ours.

Our initial discussions were focussed on the work required to complete the transition. However, as conversations progressed, it became apparent that we had a unique opportunity to redevelop their ISMS into something more beautiful.

The first challenge

We tend to see two primary versions of ISO 27001 Management Systems. They are either:

  • Built by consultants who want to make it impossible for the client to live without the consultant's support; or

  • Built by employees, who have never had to build an ISMS before and aren't really clear about what they're doing, or why

Inventory Hive were the latter. The system did the job - but it was quite apparent that there was a LOT of unnecessary stuff in the system that they couldn't explain or justify beyond "we thought that was a requirement".

So our first challenge was to strip away anything that the Standard didn't require. With what was left, we then had to figure out what was useful and what wasn't. For everything that wasn't useful, we had to find a way to meet the Standard's requirements in a way that is useful.

The 27001:2022 transition

We then took what was left of Inventory Hive's ISMS and restructured it to make everything easier to find and more logical in its organisation.

We rebuilt the SoA, and provided "cheat sheet" linking for each control to where to find evidence of controls being in place/effective.

We then identified some key tools that were already in use within the business that could make the process of maintaining the ISMS considerably easier for them. This included providing:

  • Automated reminders for recurring tasks; and

  • Audit trails for activities (such as improvements, risk treatments, CAPs etc)

We also improved:

  • The event/incident management process, making capturing evidence of activities much easier

  • Supplier Management, substantially reducing the amount of management overhead that the previous process was creating, and streamlining the process to provide better results with less work

The outcome

The finished system restructure and transition (including documentation redevelopment and setting up of new tooling) took about 8 days to complete. The result is a far easier, clearer and productive system, from which the business now sees tangible benefit and feedback that supports the business in its objectives.

The organisation has successfully completed it's ISO 27001:2022 Transition Audit, receiving a recommendation for continued certification. There were no non conformities identified.

Congratulations Inventory Hive!

Andy Larkum

Managing Director

ADL Consulting logo, ISO 27001 consultants
ISOQAR ISO 27001 logo

Registered Office: 6 Hinckley Road, Ibstock, Leicestershire, LE676PB, UK

Company Registration No: 06684621

VAT No: 140 0539 56

Company

© ADL Consulting Ltd 2023. All rights reserved.