Mint Management Technologies - The First South African Company To Be Certified 27001 On Home Ground

In a world where criminals can make millions by exploiting software to obtain sensitive information and a regulator has finally been appointed for POPI thus driving renewed focus on risks pertaining to personal information, companies are becoming more and more aware that information security is not a novelty any longer but instead, it is an essential aspect of conducting business. One such company looked into becoming certified with the ISO 27001 standard. When Lauren Clark from Mint Management Technologies discussed information security with her CEO, certification initially seemed easy. “I said ‘Well, why don’t we just get the certification and then it’s done?’”

Together with the IT manager, Lauren drafted the necessary policies and found a specialist from India who could certify the company. When he arrived, however, he decided not to do an audit but instead to work with them as a consultant. He indicated that they had merely scratched the surface and that there was much more work to be done before they could even think of being certified. “It was a big surprise to us exactly how intensive the documentation process was.” After nearly 6 months of hard work, they finally had a working system, a system that continues to need regular maintenance.

At the time, Mint’s system was contained in Excel sheets but integration was not a real option. When the RUBiQ product and service had been described to Lauren, she recognised immediately that it was the way of the future for maintaining their ISO 27001 system. Nicky Downing from RUBiQ elaborated on this: “What they saw was an advantage in the RUBiQ platform. The tool took over the distribution of communication of the policies and procedures, reminded them of when the policies and procedures needed renewal or needed to be reviewed, and it gave them the ability to conduct their internal procedures in a more effective way.”

A few months before the due date of their recertification, RUBiQ informed Mint Management Technologies of a South African company, Caridon, which could undertake the audit. “The biggest drawcard was contextual understanding as well as accessibility and a cost reduction of more than 50%,” Lauren said, about their decision to turn to Caridon for the audit.
Caridon, a specialised group of consultants and auditors, came on board to begin the auditing process for ISO Certification by PECB, an international certification body. This was a milestone for PECB as well since Mint’s certification was the first 27001 certification completed by them in Africa.

With the RUBiQ software, Caridon were able to automate the processes that they would otherwise have had to do manually. “I have never seen anything that does quite what RUBiQ does or can do as a framework,” Brian Henry from Caridon said in an interview. He also noted how more and more companies are not interested in dealing with a company if they do not have certain ISO standards in place, and stressed how important it is for South African companies to bring in formalised structure to the areas where we as a nation have struggled in the past. Adopting international standards will ensure that South Africa will stay ahead in the game and Mint has noticed that this is indeed true for them.

When we asked Brian how he would recommend that a company should undertake a similar ISO 27001 certification, he said, “Sit down with the experts, the ones who understand the certification standard, to implement the management system. There is a rite of passage here as well because you cannot be certified until you have carried out at least one internal audit, a management review of the management system against the standard, and then implemented a continuous improvement program to ensure that it will improve over time. Until you have done all of this, there is no point in calling an auditor.” We asked Nicky where RUBiQ’s system fits into this. She told us that it was built with an understanding of how to entrench the critical processes for compliance rapidly, and in that way make conformance with the standard easier and streamlined.

When asked about the future, Lauren said that Mint Management Technologies would continue to work with Caridon and RUBiQ in order to remain an ISO 27001 certified company because of the trust this brings to the relationship they have with their clients. They also know that this gives them an edge over the competition because their system’s security is validated. And when you realise that ISO compliance is completely integrated into the way they do business and kept that way by the RUBiQ software, we can see that they will be ISO 27001 certified for years to come.

Guideline BizTech is an innovative cloud technology company with a long standing reputation of meeting and exceeding customer requirements. Guideline BizTech develop and support the governance, risk & compliance (GRC) platform RUBiQ.

Guideline BizTech
500 Makou St, Monument Park X2, Pretoria, 0181
Leo van Beek
Office: +27 (0)10 020 4488
info@rubiqbiz.com
http://www.rubi-q.com

This release was published on openPR.