There’s no doubt that the Cloud has changed the way most companies do business in the modern era. The developments in technology have drastically transformed how individuals store and access data.
Since its initiation, Cloud technologies have forged paths towards efficiency and enhanced customer experiences, enabling businesses to remain competitive. While Cloud computing services have resulted in many benefits for organisations, it has also presented a number of Cyber Security challenges for Cloud providers, such as data breaches, insider threats and meeting regulatory requirements.
With over twenty years of experience working within the technology industry, M247 is an international leading connectivity and Cloud services partner that has experienced the evolution of cyber threats firsthand.
Due to the ever-evolving threat landscape, and with the rise of Data Protection laws globally, there is a responsibility for businesses and organisations to demonstrate that they are taking reasonable steps to protect the personal information they use. This is where security standards, such as ISO 27001, have an important role in today’s cyber risk landscape.
Securing the Supply Chain
For M247 it was important to partner with an organisation that was aligned to the values of ISO 27001. At MetaCompliance, our ISO 27001 accreditation guarantees that our products are set to the highest standards via approved processes and that we are committed to the international standard for information security.
To demonstrate their commitment to ISO 27001 standards, M247 began working with MetaCompliance to transform its approach to policy management and compliance.
"MetaCompliance has always engaged us to work closely in understanding our requirements and help us to refine this internal service offering.”
A Proactive Approach to Policy Management
The nature of the Cloud environment means that these infrastructures can often be very large and complex, with many end users which can result in vast risks for businesses.
Unfortunately, the greatest data security vulnerability within an organisation is often its own employees and vendors. As such, a lack of Cyber Security policy awareness and training among employees significantly increases the risk of intrusion and attack.
M247 recognised the need to implement a proactive approach to policy management that would help to establish the boundaries of safe Cyber Security behaviour for employees, identify non-compliant users and protect the organisation from litigation.
Before implementing our policy management software, M247 found that policy enforcement had previously been inconsistent and unclear, which often resulted in varying policies and a lack of coordination across departments. This ad-hoc approach also made it difficult to provide an evidence trail of policy acceptance and adaption for ISO 27001 auditors.
An Automated Audit Trail
The consequences of non-compliance can result in major implications for organisations including large financial penalties, government sanctions and potential lawsuits. Acknowledging the risks that a lack of policy management posed for the organisation, M247 wanted a tool that would enable their policies to be automated, auditable, accessible and easily updated.
Using MetaCompliance’s policy management software, M247 can now effectively monitor and manage key policies, demonstrate policy participation and evidence staff attestation, which was essential to meet ISO 27001 standards.
“The most tangible change has been the ability to actually quantify attestation from our user base. This has been invaluable not only to put our own minds at ease that our policies are being read and our training completed but also provides evidence for our external auditors that we take information security seriously.”
In addition to demonstrating compliance, M247 can also evidence that staff has fully understood policies with staff knowledge assessments that enhance awareness of threats, risks, and controls amongst employees.
The policy management software has allowed management to target policies to specific groups of users and educate employees on the laws and regulations applicable to their job. Depending on an employee’s level of access or responsibility, the published policy can specifically address individual employee needs or specific risks which makes it relevant to staff.
With the policy management module, M247 can ensure that all departments in the organisation apply a best practice approach to compliance and provide a single source of truth to allow reporting for management oversight. This has resulted in higher levels of staff engagement and reduced the time-consuming manual processes involved in managing and maintaining policies.
Creating a Compliance Culture in the Cloud
Since the implementation of MetaCompliance’s policy management software, M247 has successfully built a framework where policy and compliance are treated as a part of everyone’s job. Now, the organisation can clearly convey policies to employees and communicate compliance requirements consistently. These efforts have helped to create a culture of compliance and contribute to the safety and success of the organisation.