Maukaa
ISO 27001:2013 & GDPR
Maukaa Solutions is a start-up based in India that foresees significant business growth with its Customer Relationship Management software. The CEO of Maukaa believes that: "The success of a start-up can be influenced by several factors. One of the main ways to prevent business issues in the future is to implement data protection and information security procedures at the outset of the business journey." With clients in India and South Asia, Maukaa wanted something of lasting value that would make it the trusted choice among competitors and allow it to expand its business to other parts of the world.
Business Driver for ISO 27001 & GDPR
Maukaa's desire to adopt best practices for ensuring the confidentiality, integrity, and availability of its information and supporting information assets was the primary motivation for pursuing ISO 27001 certification. Because Maukaa processes data that originates from different parts of the world, compliance with the General Data Protection Regulation (GDPR) is a necessary advantage as well. Maukaa recognized the importance of a continuous improvement plan and of safeguarding both its clients' data and its own reputation through an Information Security Management System (ISMS) and GDPR compliance. Obtaining ISMS certification and demonstrating GDPR compliance was seen as the most effective and practical way of showing, both internally and externally, how seriously Maukaa takes information assurance. The CEO of Maukaa took the initiative to run both programmes for the organization and to make staff available against a dedicated timeline.
Key Stages
1. Partnering with CertPro
Maukaa was adamant about owning the development and implementation of the two frameworks itself, but wanted the services of a consulting and training firm with a track record of helping companies achieve ISO 27001 certification and GDPR compliance.
The CEO of Maukaa came across CertPro's website while searching the internet for the best ISO consultant in India. After getting in touch with CertPro, he decided to proceed, impressed by the company's client-centric and flexible approach and by its willingness to fit both programmes to the organization rather than the other way round.
At the start of the certification programme, CertPro's expertise and training skills were put to use in a high-level presentation to Maukaa's CEO, describing succinctly the major steps and resource implications of certifying an ISMS and achieving GDPR compliance. The overview was followed by a five-week bespoke training package that introduced the essential information security management and personal data protection concepts and detailed the areas critical to a successful implementation.
Maukaa took on more responsibility as the project progressed towards its final stages, but always valued CertPro's availability and willingness to offer counsel and direction. CertPro's consultants were particularly helpful in preparing Maukaa for the Stage 1 (documentation review) and Stage 2 (implementation) assessments and in ensuring that all of the external assessor's requirements were met.
2. Initiation
The Chief Information Security Officer (CISO) role was taken on by the CEO himself. He acted as the Single Point of Contact (SPOC) and was responsible for implementing the requirements of the certification process, organizing the work and ensuring that all tasks were completed on time.
The CISO describes the certification process as follows: "Settling on the scope for implementing and being compliant with ISO 27001 and GDPR took a lot of discussion (facilitated by CertPro) and consideration, and there was agreement that the scope should be tightly tied to our company objectives and ambitions."
There was also no question that ISO 27001 together with GDPR compliance was the best fit for the part of Maukaa's business that provides key services to managed customers while securing their data. Accordingly, CertPro was committed to ensuring that everyone at Maukaa understood the relevant policies and processes, and that awareness training was delivered consistently across the organization.
3. Risk Assessment
Although Maukaa had embraced risk-based techniques across its projects, no formal information security risk assessment or data privacy assessment had ever been carried out. The active participation of the management team in the risk assessment was a positive feature which, as the CISO notes, "ensured an iterative process was followed with much debate and discussion around risk appetite and what risk was acceptable. The end result was a risk treatment plan that was approved and helped prioritize the different risk treatments that fall within the purview of ISO 27001 and GDPR." Maukaa therefore found the risk assessment process, carried out with the help of CertPro's consultants, both informative and effective.
4. Policy
Success Factors
1. Communication
2. Commitment by CEO
Value Derived from CertPro
1. Validation
The certification scope was defined with regard to both information security and data privacy law, which was always treated as a company-wide matter that would benefit all employees. Following the implementation of the ISMS and GDPR compliance, supported by a series of internal presentations and awareness sessions, the organization's interested parties became much more conscious of the need for information security, and of the potential consequences if information, particularly customer data, were compromised.
2. Improved Business Mechanism
3. Happy Clients and Business Potential – Worldwide
Maukaa has also formalized its supplier and customer review process, particularly for its important vendors. It now assesses its suppliers' policies and processes more methodically, including their tape backup methods and the use of suitable background checks on key supplier staff, while maintaining a close working relationship with those suppliers. Maukaa has also pushed vendors that are not certified to ISO 27001 to obtain certification or, at the very least, to comply with the Standard. Similarly, building GDPR compliance into its working practices has given Maukaa an effective platform for competing in the global market, with an added advantage over competitors. Being compliant with GDPR and operating a certified ISMS enables Maukaa to gain the trust of its clients and expand its business to other parts of the world.
What is ISO 27001 Certification?
ISO 27001 is the international standard that specifies the requirements for an information security management system (ISMS): a framework of policies, processes and procedures, including applicable regulatory requirements and the physical, technical and administrative controls used to manage information security risk. Certification is awarded by an accredited certification body after an independent audit of the ISMS against the standard.
What is the GDPR?
The General Data Protection Regulation is an EU regulation that protects the personal data of individuals in the European Economic Area (EEA) and governs how that data is processed. It applies not only to organizations established in the EEA but also to organizations elsewhere, such as Maukaa in India, that process the personal data of individuals in the EEA.