This website uses cookies. View our cookie policy
Close
United Kingdom
Select regional store:

Lanware

Lanware leads the field in London FI sector with ISO27001 certification and regular pen tests

This case study shows how IT Governance helped Lanware achieve ISO27001 certification. Enter your email address at the bottom of this page if you would like a PDF version of this case study. Call us on +44 (0)333 800 7000 to discuss your own ISO27001 consultancy requirements.

Lanware Case Study

Lanware, technology partner to the financial world, has achieved ISO27001 certification – the industry standard for information security management. As an outsourcing provider, it was important that Lanware could demonstrate to all its financial services clients that its business and IT services were absolutely secure.

Lanware focused on finding a mature and internationally recognised solution that would bring information security directly under management control. The ISO27001 standard was selected and Lanware reached out to industry experts, IT Governance Ltd, to assist in its implementation across the business.

Background

The financial industry is Lanware’s principal market and securing data has long been considered of paramount importance.

In 2012, Lanware’s top management re-examined their approach to information security. A rapidly expanding business combined with the all-encompassing nature of its outsourcing services and FCA client base demanded the need to further formalise and strengthen information security across the business.

Providing world-beating ‘cyber security’ and information security was important to Lanware in assuring their supply chain and protecting their own and their clients’ business reputations. But it was also seen as an area of operational activity that could, with external audit assessment, be treated as a differentiating factor in growing their market share.

Requirements

Managing Director Henry Duncombe was the driving force behind the project. Just as Lanware embodies technical best practice and high levels of service quality, Henry believed that information security was a matter that needed expert attention. He sought the engagement of a professional services firm with a strong track record in projects involving ISO27001 certification.

IT Governance Ltd was selected from a number of companies in the field because of their responsiveness in answering Lanware’s questions and the favourable recommendations made by former IT Governance clients who had gained ISO27001 certification.

“Finding the right supplier of consultancy services was the key as far as we were concerned,” said Carl White, Service Manager.

Click here to read more »

Process

Carl outlines the process followed by Lanware’s team, who were assisted by weekly on-site visits by IT Governance consultants. “Our documented information provided evidence that we had selected appropriate information security risk options, taking account of the risk assessment results. And of course, we had determined all the necessary controls necessary to implement the information security risk treatment options that we had chosen.

“Our planning showed clearly to the assessor that we knew how to achieve our information security objectives; including what to do, what resources were required, who would be responsible, when it would be completed; and how the results would be evaluated. All this due diligence fits with our business objectives and strategy. For over 10 years we have focused on enabling Financial Services organisations to grow by increasing their productivity and better managing risk. Our information security management system is a long-term commitment and fits with our stable business model that appeals to the industry that we serve.

Click here to read more »

Outcome

So, has ISO27001 given Lanware a clear business advantage?

In the words of Henry Duncombe, Managing Director of Lanware: “In partnership with IT Governance, we carefully developed our own Information Security Management System which supports the provision of IT services to the Financial Services sector. For us it’s been just as much about good business practice as security, and we have tried throughout to focus on the context of our organisation and the level of assurance required by our clients.

“To achieve certification to the ISO standard Lanware had to assess all areas of potential risk across the business. This assessment showed that many of the existing physical, environmental and technical security controls were in line with industry expectations and the focus needed to be more on areas such as the internal organisation of security and the consistent application of new policies and procedures.

“For any company thinking of outsourcing to a services provider, the issue of the data security offered by their prospective partner should be a primary concern," Henry says. "At Lanware we do not shy away from the fact that we present a potential risk to our clients. We are a critical link in the supply chain and by recognising that risk and dealing with it effectively, we put ourselves in the best position to build trust and stronger relationships."

Click here to read more »

Next Steps

Carl is taking the ISO27001:2005 certification through transition to ISO27001:2013 and is looking forward to further developing IT service management at Lanware in line with ITIL good practice. Lanware has even managed to incorporate information security into a ticket system for service desk management. Carl intends to roll this out to all Lanware’s industry clients. Whenever there is an incident or concern regarding security, they can report this to the IS team in the form of a ticket. “It’s been very well received as a service by our clients.”

Will Lanware gain ISO20000 certification ahead of the major organisations in UK FI considering the ITIL-based standard? “Perhaps,” says Carl, “But for now we have a USP compared to other technology providers: we are ISO27001 certified!”

Download this case study now

To get a PDF version of this case study enter your email address below and we will send you a copy straight away.

Just as we have helped our client to achieve certified ISO27001 compliance on time and within budget so we can help you. Call us now on 0845 070 1750.