PFIKS develops 'Intelligus', a cyber secure social collaboration tool that fully supports ISO27001
This case study details how IT Governance helped PFIKS achieve ISO27001 certification. Call us on +44 (0) 845 070 1750 to discuss your own ISO27001 consultancy requirements.
PFIKS Case Study
PFI Knowledge Solutions (PFIKS) has proven expertise in providing a broad range of Information Technology Services to its clients that include a wide range of national government and public sector organisations.
Howard Jones, Executive Director, began the process of gaining ISO27001 certification in 2009 with expert guidance from IT Governance consultants. Initially, the aim of pursuing ISO27001 was to help secure a major consultancy contract with HMRC. However, PFIKS soon realised that the management systems aspect of the information security standard enabled them to improve their development processes and ways of working.
Having adopted the ISO27001 standard, developed an Information Security Management System, and gained accredited certification, the team saw an opportunity to develop their new social collaboration tool, Intelligus. Controls found in ISO27001 helped to improve the cybersecurity resilience of this software application – a decision that impressed Allan Mayo, Director of the Services Policy Unit at HM Government’s Department for Business Innovation & Skills, who selected Intelligus as their Collaborative Workspace Environment.
PFIKS provides a broad range of Information Technology Services to its clients. The company also develops ‘Intelligus’, a social business software solution that manages high volumes of collaborative engagement and conversations among distributed teams, project groups or communities of practice – hence, data Confidentiality, Integrity and Access (C-I-A) is a central concern.
ISO/IEC 27001 is an international specification that sets out the requirements for businesses and organisations throughout the world to develop an information security management system (ISMS), exercising due diligence and doing what senior management determines is necessary to protect their data and related information resources.
In 2009, PFIKS selected IT Governance to help the organisation address the detailed information security requirements set out in a contract awarded by Her Majesty’s Revenue and Customs (HMRC).
IT Governance consultant, Nick Orchiston, was tasked with providing consultancy to the project team, led by Executive Director, Howard Jones. The aim was to achieve accredited certification to the ISO27001 standard within 3 months, demonstrating compliance and providing reassurance to PFIKS’s government and large corporate clients, including HMRC.
PFIKS is the developer of a social business software tool used by publicly funded organisations and not-for-profit associations. Intelligus is the next generation of platforms built to manage high volumes of collaborative engagement and conversations among distributed teams, project groups or communities of practice.
It builds on the conceptual ideas of popular social media, such as Facebook and LinkedIn, and adds the functionality of public and private project workspaces, but with a host of enterprise-ready features (document sharing and workflow, secure authentication, document level security etc.) to make it cyber secure, private, collaborative and business integration-friendly. The purpose of this innovative software, recently chosen by the Local Government Association (knowledgehub.local.gov.uk) and the Department for Business Innovation & Skills (BIS), is to achieve:
Driving smart working practices that allow colleagues to work effectively together, to disseminate knowledge, to create knowledge hubs, to discuss issues collectively and resolve problems in double quick time.
Linking organisations with their key partners, stakeholders or clients. Collaborating on joint projects, holding on-line discussions on key issues affecting each organisation. Getting feedback from customers and consumers as and when issues arise, in real time.
When something needs to be done or agreed on, trying to get everyone into the same meeting room can take too long or simply isn't practical. Intelligus links up your colleagues, partners, customers and consumers in one collective collaborative environment and shares information, knowledge, viewpoints and comments so that everyone is working for the same goals in a co-ordinated, collaborative way. On-line, when it is needed, without delay.
Link up with the outside world
Live feeds from other social networks and news feeds will expand knowledge from beyond the tight circle of work contacts people work with on a day-to-day basis. It also allows you to tap into what is being talked about in that larger circle, however wide you draw it.
Howard started the project by purchasing an ISO27001 Toolkit from IT Governance, which he customised himself to meet the anticipated requirements of ISO27001 certification by an accredited body (BSI).
“To be honest, when we started, we thought that we could do the whole thing ourselves – the IT Governance toolkit which I found on the web looked, as it indeed was, a bargain to help create our document set and enhance our existing policies; but we also bought the ISO27001 Standard and began to read up on the concepts and ideals of the standard, which meant a page or two digested a day to fit in with my other commitments.”
“I wanted to instil an attitude of diligence in our development team, and awareness that following the principles of 27001 would improve our efficiency and lower our support costs. The goal was to establish the credentials of Intelligus as a social business software solution that could be trusted, either as a SaaS or “on-premise” service. By showing compliance, and certification, to ISO27001 we felt we would help address concerns that larger organisations have about placing services outside their firewall, or alternatively, give them assurance that the software they were deploying inside their firewall was “safe”. Government organisations across the world have a duty to be cyber resilient, and hence cannot afford to be lax over security policies.”
“We also needed to gain an accredited ISO27001 certificate to prove compliance ourselves, as part of our marketing strategy for Intelligus. We started to adopt the A.11 control set, but then realised that our control choices should really be based on a thorough and professional risk assessment … so that we knew what was going to work, not only for us, but our clients using our software with more involved IT setups and the issues of large organisations in terms of implementing security policies. We have ambitious plans, and putting these controls in place early would ensure that we could manage that growth.”
“The Directors talked it over: we decided that ISO27001 was sufficiently important to our future to use it to achieve improved ways of working within our company and adhere to our security policy and procedures in a completely committed way. We wanted to say to clients: “We educate our staff in ISO27001 policies, procedures and the controls that we adopt because we believe in the management systems approach. Our information security is the best because we manage and deliver our client assignments using a standards-based approach.” In the circumstances, hiring IT Governance consultants to help us complete the process leading to certification was a no-brainer. They made us think about everything that we thought we knew, and using their experience of over 100 successful certifications, told us exactly what we required to make ISO27001 work in our situation.”
“My whole team and I are proud of our coveted ISO27001 certification and the way that we achieve secure results for corporate and public sector clients who use Intelligus. In our thinking, the quality and credentials of Intelligus grew out of the ISO27001 standard as much as it did from the collaborative workspace requirements of our clients, who all share our enthusiasm!”
Howard is convinced of the value of ISO27001 certification and the management systems approach:
“By adopting 130 of the 133 ISO27001 Controls, PFIKS has been able to:
(a) Improve our own cyber security and management procedures in line with the thinking of much larger global corporate entities and government/public sector organisations, both national and local.
(b) Demonstrate to our prospective clients just how seriously we take information security controls in our software.
Intelligus has been adopted by several UK Police Forces, including the Humberside Police.”
“PFIKS has gained a great deal more than we expected by adopting the ISO27001 standard. We were also extremely impressed by the services, software and resource products – e.g. toolkits – provided by IT Governance. They are a company with strong values at their heart, and considerable skills in their consultants. We were guided through a difficult standard at every step by Nick Orchiston, who showed us – patiently and authoritatively – where we were lacking understanding.
Without the support of IT Governance, we may not have gone forward to achieve certification, but as a businessman with a fast-growing software enterprise, I can say with real confidence: I’m glad we did!”
Just as we have helped PFIKS to achieve ISO27001 compliance on time and within budget, so we can help you. Call us now on 0845 070 1750.