Certification for a secure IT environment

Urgency and Goal

Tangelo Software is a FinTech company that offers cloud-based software to develop financial reports in co-creation with her clients. Because of the absence of a formal assurance certification, Tangelo did no longer meet the qualifications desired by their end-users. Bliss was asked to facilitate this transition.

Getting ISO certified is a tough job for any company. The value of the certification process does not only lie with obtaining the certification itself, but also with gaining insights on how to improve the quality of business processes and operations. The certification assures (potential) clients of the quality and safety of the system and results in more efficient business processes. The project goal was to be succesfully ISAE3402 certified within three months.

The solution and our task

Patrick has facilitated this certification program in the role of business improvement manager. He initiated his project by organising stakeholder-interviews and mapping the digital environment in relation to the ISAE3402 specifications. This resulted in a priority list, that served as the starting point for recording process descriptions and realizing policy changes. Two examples of his deliverables are an administrative policy related to the governance structure and a database for configurations management (CMDB). In co-operation with an internal projectteam, a complete directory of all requirements for certification was set up. This enabled the projectteam to deliver all the required information on the day of the audit!

The IT Manager at Tangelo Software stated: “Patrick is goal-oriented and a self starter. He is communicative, open and has the ability to make it feel like you’ve known him for years. He has a very pleasant way of working: he reaches out to others and invites them to work on tasks collectively wíth him. His personality makes you want to join in!”

Deliverables

The following deliverables were produced by Patrick and his team:

  • An assesment of the current situation;
  • An improvement plan for process organisation and security policy;
  • A report based on the ISAE3402 guidelines;
  • An actionplan for the audit;
  • A proposal for ISAE3402 type 2 certification.

Results

During this project the following results were achieved:

  • Improved processes, policies and controls;
  • An ISAE3402 type 1 certification;
  • An improved market position.

Let’s have coffee!
Meet up (online or in person)

Koffie

Any questions you’d like to ask us about change, your career or something else?

Call us: Telefoon pictogram 071-2206016