Certification for a secure IT environment at Tangelo Software

Urgency and Goal

Tangelo Software is a FinTech company that offers cloud-based software to develop financial reports in co-creation with her clients. Because of the absence of a formal assurance certification, Tangelo did no longer meet the qualifications desired by their end-users. Bliss was asked to facilitate this transition.

Getting ISO certified is a tough job for any company. The value of the certification process does not only lie with obtaining the certification itself, but also with gaining insights on how to improve the quality of business processes and operations. The certification assures (potential) clients of the quality and safety of the system and results in more efficient business processes. The project goal was to be successfully ISAE3402 certified within three months.

The solution and our role

Patrick has facilitated the implementation of this certification in the role of implementation manager. He initiated his project by organising stakeholder-interviews and mapping the digital environment in relation to the ISAE3402 specifications. This resulted in a priority list, that served as the starting point for recording process descriptions and realizing policy changes. Two examples of his deliverables are an administrative policy related to the governance structure and a database for configurations management (CMDB). In co-operation with an internal team, a complete directory of all requirements for certification was set up. This enabled the team to deliver all the required information on the day of the audit!

“Patrick is self starting and goal oriented. He is communicative and is able to make it seem like you know him for yours in a short period of time. His way of working is pleasant. His style is to invite others to work with him. His personality gets you excited to get to work.”

– MARC VAHSEN | IT MANAGER AT TANGELO SOFTWARE

Deliverables

The following deliverables were produced by Patrick and his team:

  • An assessment of the current situation;
  • An improvement plan for process organisation and security policy;
  • A report based on the ISAE3402 guidelines;
  • An action plan for the audit;
  • A proposal for ISAE3402 type 2 certification.

Results

During this project the following results were achieved:

  • Improved processes, policies and controls;
  • An ISAE3402 type 1 certification;
  • An improved market position.